This page contains abstracts of selected articles by Alexander L. Wolf. The abstracts are listed in reverse order of publication date.
Full text of the articles is available either from a digital library through a Digital Object Identifier (DOI) link, or directly from this site as a download in PDF or compressed PostScript. Retrieve an article by clicking on the available format of your choice; clicking also indicates your unconditional agreement to abide by all applicable copyright agreements.
All technical reports are available here, including those that have been superseded by general publication. This page was last updated on 22 June 2018.
Petr Novotny, Bong Jun Ko, and Alexander L. Wolf
We present a method to locate faults in service-based software systems
hosted on mobile ad hoc networks (MANETs). In such systems,
computations are structured as interdependent services distributed
across the network, collaborating to satisfy client requests. Faults,
which may occur at either or both the service and network layers,
propagate by cascading through some subset of the services, from their
root causes back to the clients that initiate requests. Fault
localization in this environment is especially challenging because the
systems are typically subject to a wider variety and higher incidence
of faults than those deployed in fixed networks, the resources
available to collect and store analysis data are severely limited, and
many of the sources of faults are by their nature transient. Our
method makes use of service-dependence and fault data that are
harvested in the network through decentralized, run-time observations
of service interactions and fault symptoms. We have designed timing-
and Bayesian-based reasoning techniques to analyze the data in the
context of a specific fault propagation model. The analysis provides a
ranked list of candidate fault locations. Through extensive
simulations, we evaluate the performance of our method in terms of its
accuracy in correctly ranking root causes under a wide range of
operational conditions.
IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 3, May-June 2018, pp. 452-465.
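The following is a minimal, hypothetical sketch of the kind of Bayesian ranking the abstract above alludes to: given fault symptoms observed at clients and assumed per-service symptom probabilities, it scores each candidate service under a single-fault assumption and returns a ranked list. The service names, priors, and probabilities are invented for illustration; this is not the algorithm from the article.

```python
# Hypothetical single-fault Bayesian ranking of candidate root causes;
# an illustration only, not the reasoning technique from the article.

def rank_root_causes(candidates, symptoms, p_symptom, prior):
    """candidates: service names.
    symptoms: {client: True/False}, whether the client observed a fault.
    p_symptom[(service, client)]: probability that a fault at `service`
    produces a symptom at `client` via fault propagation.
    prior[service]: prior probability that the service is the root cause."""
    scores = {}
    for s in candidates:
        likelihood = 1.0
        for client, observed in symptoms.items():
            p = p_symptom.get((s, client), 0.0)
            likelihood *= p if observed else (1.0 - p)
        scores[s] = prior[s] * likelihood
    total = sum(scores.values()) or 1.0          # normalize to posteriors
    return sorted(((s, v / total) for s, v in scores.items()),
                  key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    ranked = rank_root_causes(
        candidates=["auth", "db", "cache"],
        symptoms={"client1": True, "client2": False},
        p_symptom={("auth", "client1"): 0.9, ("auth", "client2"): 0.7,
                   ("db", "client1"): 0.8, ("db", "client2"): 0.1,
                   ("cache", "client1"): 0.3, ("cache", "client2"): 0.2},
        prior={"auth": 0.2, "db": 0.5, "cache": 0.3})
    print(ranked)   # most likely root cause first
```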
Jose G.F. Coutinho, Mark Stillwell, Katerina Argyraki, George Ioannidis, Anca Iordache, Christoph Kleineweber, Alexandros Koliousis, John McGlone, Guillaume Pierre, Carmelo Ragusa, Peter Sanders, Thorsten Schütt, Teng Yu, and Alexander L. Wolf
HARNESS is a next generation cloud-computing platform that offers
commodity and specialized resources in support of large-scale data
processing applications. We focus primarily on application domains
that are currently not well supported by today's cloud providers,
including the areas of scientific computing, business analytics, and
online machine learning. These applications often require acceleration
of critical operations using devices such as FPGAs, GPGPUs, network
middleboxes, and SSDs. We explain the architectural principles that
underlie the HARNESS platform, including the separation of agnostic
and cognizant resource management that allows the platform to be
resilient to heterogeneity while leveraging its use. We describe a
prototype implementation of the platform, which was evaluated using
two testbeds: (1) a heterogeneous compute and storage cluster that
includes FPGAs and SSDs and (2) Grid'5000, a large-scale distributed
testbed that spans France. We evaluate the HARNESS cloud-computing
platform with two applications: Reverse-Time Migration, a scientific
computing application from the geosciences domain, and AdPredictor, a
machine learning algorithm used in the Bing search engine.
Software Architecture for Big Data and the Cloud, Ivan Mistrik, Rami Bahsoon, Nour Ali, Maritta Heisel, Bruce Maxim (editors), Morgan Kaufmann, 2017, pp. 323-351.
Simone Silvestri, Brett Holbert, Petr Novotny, Thomas La Porta, Alexander L. Wolf, and Ananthram Swami
The heterogeneous and dynamic nature of tactical coalition networks poses
several challenges to common network management tasks, due to the lack of
complete and accurate network information. We consider the problem of
redeploying services in mobile tactical networks. We propose M-iTop, an algorithm
for inferring the network topology when only partial information is available.
M-iTop initially constructs a virtual topology that overestimates the number
of network components and then repeatedly merges links in this topology
to resolve it towards the structure of the true network. We also propose an
iterative service redeployment (iSR) algorithm for service redeployment in
tactical networks. Extensive simulations show that M-iTop and iSR allow an
efficient redeployment of services over the network despite the limitation of
partial information.
Advances in Computer Communications and Networks - From Green, Mobile, Pervasive Networking to Big Data Computing, Kewei Sha, Aaron Striegel, and Min Song (editors), River Publishers, 2017, pp. 127-154.
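As a rough illustration of the "overestimate, then merge" idea behind M-iTop described above, the sketch below merges virtual links that no observed path measurement can distinguish. This is a generic topology-inference heuristic written for illustration, not the M-iTop algorithm itself; the path and link identifiers are invented.

```python
# Hypothetical illustration of merging indistinguishable links in an
# overestimated virtual topology; not the M-iTop algorithm itself.
from collections import defaultdict

def merge_indistinguishable_links(paths):
    """paths: list of observed end-to-end paths, each a list of virtual
    link ids. Virtual links that appear in exactly the same set of paths
    cannot be told apart by the measurements, so they are merged."""
    membership = defaultdict(set)
    for i, path in enumerate(paths):
        for link in path:
            membership[link].add(i)
    groups = defaultdict(list)
    for link, paths_seen in membership.items():
        groups[frozenset(paths_seen)].append(link)
    # Each group collapses to one representative link in the refined topology.
    return {min(links): sorted(links) for links in groups.values()}

if __name__ == "__main__":
    observed = [["a", "b", "c"], ["a", "b", "d"], ["e", "c"]]
    print(merge_indistinguishable_links(observed))
    # {'a': ['a', 'b'], 'c': ['c'], 'd': ['d'], 'e': ['e']}
```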
Teng Yu, Bo Feng, Mark Stillwell, Jose Gabriel F. Coutinho, Wenlai Zhao, Shuang Liang, Wayne Luk, Alexander L. Wolf, and Yuchun Ma
This paper presents a novel approach for allocating resources in
systems with multiple accelerators. It makes three main
contributions. First, a new model, based on Birkhoff's representation
theory, for capturing the ordering properties of resource allocation
requests (RArs). Second, an effective technique for resource
allocation based on this model, targeting systems with multiple
accelerators. Third, an evaluation of the proposed approach on
Maxeler MPC-X multi-accelerator systems, demonstrating time efficiency
and a 30%-50% failure-rate decrease (FRD) on random input datasets.
IEEE 27th International Conference on Application-Specific Systems, Architectures and Processors, London, UK, July 2016, pp. 243-244.
Alexandros Koliousis, Matthias Weidlich, Raul Castro Fernandez, Alexander L. Wolf, Paolo Costa, and Peter Pietzuch
Modern servers have become heterogeneous, often combining multi-core
CPUs with many-core GPGPUs. Such heterogeneous architectures have the
potential to improve the performance of data-intensive stream
processing applications, but they are not supported by current
relational stream processing engines. For an engine to exploit a
heterogeneous architecture, it must execute streaming SQL queries with
sufficient data-parallelism to fully utilise all available
heterogeneous processors, and decide how to use each in the most
effective way. It must do this while respecting the semantics of
streaming SQL queries, in particular with regard to window handling.
We describe Saber, a hybrid high-performance relational stream
processing engine for CPUs and GPGPUs. Saber executes window-based
streaming SQL queries in a data-parallel fashion using all available
CPU and GPGPU cores. Instead of statically assigning query operators
to heterogeneous processors, Saber employs a new
adaptive heterogeneous lookahead scheduling strategy, which
increases the share of queries executing on the processor that yields
the highest performance. To hide data movement costs, Saber pipelines
the transfer of stream data between different memory types and the
CPU/GPGPU. Our experimental comparison against state-of-the-art
engines shows that Saber increases processing throughput while
maintaining low latency for a wide range of streaming SQL queries with
small and large window sizes.
ACM SIGMOD
International Conference on Management of Data,
San Francisco, California, June 2016, pp. 555-569.
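The sketch below is a toy lookahead dispatcher that sends each batch to the processor expected to finish it first, based on observed per-batch service times, so the faster device naturally receives the larger share of work. It is written only to illustrate the adaptive-scheduling idea sketched in the abstract above; it is not SABER's actual heterogeneous lookahead scheduling algorithm, and the processor names and timings are assumptions.

```python
# Hypothetical lookahead dispatch across a CPU and a GPGPU: each incoming
# batch goes to the processor with the earliest estimated completion time.
# An illustration of the adaptive-scheduling idea only, not SABER's design.

class LookaheadDispatcher:
    def __init__(self, est_seconds):
        self.est = dict(est_seconds)   # processor -> est. seconds per batch
        self.free_at = {p: 0.0 for p in self.est}
        self.assigned = {p: 0 for p in self.est}

    def dispatch(self):
        # Choose the processor expected to finish the new batch first.
        proc = min(self.est, key=lambda p: self.free_at[p] + self.est[p])
        self.free_at[proc] += self.est[proc]
        self.assigned[proc] += 1
        return proc

    def observe(self, proc, measured_seconds, alpha=0.2):
        # Feed measured batch times back into the service-time estimate.
        self.est[proc] = (1 - alpha) * self.est[proc] + alpha * measured_seconds

if __name__ == "__main__":
    d = LookaheadDispatcher({"cpu": 0.4, "gpgpu": 0.1})  # GPGPU ~4x faster
    for _ in range(10):
        d.dispatch()
    print(d.assigned)   # {'cpu': 2, 'gpgpu': 8}: faster device gets more
```

In a running engine the `observe` hook would be called as batches complete, so the split between processors tracks the measured throughput rather than a fixed estimate.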
Alexandros Koliousis, Matthias Weidlich, Raul Castro Fernandez,
Alexander L. Wolf, Paolo Costa, and Peter Pietzuch
Heterogeneous architectures that combine multi-core CPUs with
many-core GPGPUs have the potential to improve the performance
of data-intensive stream processing applications. Yet, a stream
processing engine must execute streaming SQL queries with sufficient
data-parallelism to fully utilise the available heterogeneous
processors, and decide how to use each processor in the most effective
way. Addressing these challenges, we demonstrate SABER, a hybrid
high-performance relational stream processing engine for CPUs and
GPGPUs. SABER executes window-based streaming SQL queries in
a data-parallel fashion and employs an adaptive scheduling strategy
to balance the load on the different types of processors. To hide
data movement costs, SABER pipelines the transfer of stream data
between CPU and GPGPU memory. In this paper, we review the
design principles of SABER in terms of its hybrid stream processing
model and its architecture for query execution. We also present a
web front-end that monitors processing throughput.
10th ACM International Conference on Distributed and Event-Based Systems,
Irvine, California, June 2016, pp. 354-357.
Abdul Alim, Richard G. Clegg, Luo Mai, Lukas Rupprecht, Eric Seckler,
Paolo Costa, Peter Pietzuch, Alexander L. Wolf, Nik Sultana, Jon Crowcroft,
Anil Madhavapeddy, Andrew Moore, Richard Mortier, Masoud Koleni, Luis Oviedo,
Matteo Migliavacca, and Derek McAuley
Data centre networks are increasingly programmable, with
application-specific network services proliferating, from custom
load-balancers to middleboxes providing caching and aggregation. Developers
must currently implement these services using traditional low-level APIs, which
neither support natural operations on application data nor provide efficient
performance isolation.
We describe FLICK, a framework for the programming and execution of
application-specific network services on multi-core CPUs. Developers
write network services in the FLICK language, which offers
high-level processing constructs and application-relevant data
types. FLICK programs are translated automatically to efficient,
parallel task graphs, implemented in C++ on top of a user-space
TCP stack. Task graphs have bounded resource usage at runtime, which
means that the task graphs of multiple services can execute
concurrently without interference using efficient cooperative
scheduling. We evaluate FLICK with several services (an HTTP
load-balancer, a Memcached router and a Hadoop data aggregator),
showing that it achieves good performance while reducing development
effort.
USENIX Annual Technical Conference,
Denver, Colorado, June 2016.
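To illustrate the cooperative-scheduling idea mentioned above (bounded work per task so that multiple services share cores without interference), here is a small, hypothetical sketch using Python generators. FLICK itself compiles programs to parallel C++ task graphs over a user-space TCP stack; the service names and the budget-based round robin below are assumptions made purely for the example.

```python
# Hypothetical sketch of cooperative scheduling of bounded tasks from
# multiple services; an illustration only, not the FLICK runtime.
from collections import deque

def service_task(name, items):
    """A task processes one item per step and yields control between steps,
    so no single service can monopolise a worker core."""
    for item in items:
        # ... per-item processing would go here ...
        yield f"{name} handled {item}"

def run_cooperatively(tasks, budget_per_turn=2):
    ready = deque(tasks)
    while ready:
        task = ready.popleft()
        for _ in range(budget_per_turn):        # bounded work per turn
            try:
                print(next(task))
            except StopIteration:
                break
        else:
            ready.append(task)                  # not finished: requeue

if __name__ == "__main__":
    run_cooperatively([
        service_task("http-lb", ["req1", "req2", "req3"]),
        service_task("memcached-router", ["get k1", "set k2"]),
    ])
```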
Petr Novotny, Rahul Urgaonkar, Alexander L. Wolf, and Bong Jun Ko
The dynamic environment of hybrid mobile and fixed wireless networks
used in military operations poses significant challenges in the
efficient provisioning of software functionality to application
clients. With their transient topology, the software services hosted
on mobile nodes may become temporarily unavailable or the cost of
transferring data across the network may become too high. To address
this problem we have designed a placement technique that allows the
dynamic repositioning of services within the network as it
evolves. The technique repositions services in reaction to changes in
network topology as well as in various system properties, such as
service dependencies or the workload generated by application
clients. In our approach we use a multi-layer model to represent a
service-based software system embedded in a network topology. We apply
constraint programming and its linear programming relaxation to solve
the model to find where best to place or reposition the services. We
evaluate the technique in terms of its effectiveness and cost under
various simulated operational conditions.
IEEE Military
Communications Conference, Tampa, Florida, October 2015, pp. 1052-1057.
Simone Silvestri, Brett Holbert, Petr Novotny, Thomas La Porta,
Alexander L. Wolf, and Ananthram Swami
The heterogeneous and dynamic nature of tactical coalition networks
poses several challenges to common network management tasks, due to
the lack of complete and accurate network information. In this paper,
we consider the problem of redeploying services in mobile tactical
networks. We propose M-iTop, an algorithm for inferring the network
topology when only partial information is available. M-iTop initially
constructs a virtual topology that overestimates the number of network
components, and then repeatedly merges links in this topology to
resolve it towards the structure of the true network. We perform
extensive simulations and show that M-iTop enables an efficient
redeployment of services over the network despite the limitation of
partial information.
24th International
Conference on Computer Communication and Networks,
Las Vegas, Nevada, August 2015.
A later version
appears here.
Petr Novotny, Bong Jun Ko, and Alexander L. Wolf
We are concerned with reliably harvesting data used to monitor a
service-based system hosted in a mobile ad hoc network (MANET)
environment. These data are time-bounded, time-sensitive
time-series data recorded by individual hosts in the network.
Harvesting is used to gather the data for global time-series analyses,
such as fault localization. The MANET environment challenges data
harvesting, due to the inherently unstable and unpredictable
connectivity and the resource limitations of wireless devices. We
present an epidemic, delay tolerant method to improve the
availability of time-series monitoring data in the presence of network
instabilities, asymmetries, and partitions. The method establishes a
network-wide synchronization overlay to incrementally and efficiently
move data to intermediate nodes. We have implemented the algorithm in
Java EE and evaluated it in the CORE and EMANE MANET emulation
environments.
12th IEEE
International Conference on Services Computing,
New York, New York, June 2015, pp. 9-16.
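The sketch below shows the core of a pairwise anti-entropy exchange, the basic building block of epidemic data dissemination like that described above. The record format and the exchange function are invented for illustration and do not reflect the paper's synchronization overlay or its Java EE implementation.

```python
# Hypothetical pairwise anti-entropy exchange for time-series monitoring
# records; an illustration of the epidemic idea, not the paper's method.

def anti_entropy_exchange(store_a, store_b):
    """Each store maps (host, timestamp) -> record. After the exchange,
    both nodes hold the union of the records they have seen."""
    missing_on_b = {k: v for k, v in store_a.items() if k not in store_b}
    missing_on_a = {k: v for k, v in store_b.items() if k not in store_a}
    store_b.update(missing_on_b)
    store_a.update(missing_on_a)
    return len(missing_on_a) + len(missing_on_b)  # records transferred

if __name__ == "__main__":
    node1 = {("h1", 10): "cpu=0.7", ("h1", 20): "cpu=0.9"}
    node2 = {("h2", 15): "fault=timeout"}
    moved = anti_entropy_exchange(node1, node2)
    print(moved, node1 == node2)   # 3 True
```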
Petr Novotny, Bong Jun Ko, and Alexander L. Wolf
The dependencies among the components of service-oriented software
applications hosted in a mobile ad hoc network (MANET) are difficult
to determine due to the inherent loose coupling of the services and
the transient communication topologies of the network. Yet understanding
these dependencies is critical to making good management decisions,
since dependence data underlie important analyses such as fault
localization and impact analysis. Current methods for discovering
dependencies, developed primarily for fixed networks, assume that
dependencies change only slowly and require relatively long monitoring
periods as well as substantial memory and communication resources, all
of which are impractical in the MANET environment. We describe a new
dynamic dependence discovery method designed specifically for this
environment, yielding dynamic snapshots of dependence relationships
discovered through observations of service interactions. We evaluate
the performance of our method in terms of the accuracy of the
discovered dependencies, and draw insights on the selection of
critical parameters under various operational conditions. Although
operated under more stringent conditions, our method is shown to
provide results comparable to or better than existing methods.
IEEE
Transactions on Network and Service Management, vol. 12, no. 2, June
2015, pp. 278-292.
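As a toy illustration of time-windowed dependence discovery from observed service interactions, the sketch below derives a dependence snapshot from (caller, callee, timestamp) records. The record format and the fixed window policy are assumptions made for the example, not the discovery method evaluated in the article.

```python
# Hypothetical time-windowed dependence snapshot built from observed
# service interactions; illustration only, not the article's method.
from collections import defaultdict

def dependence_snapshot(interactions, t_now, window):
    """interactions: iterable of (caller, callee, timestamp).
    Returns caller -> set of callees observed within the last `window`
    time units, i.e. a snapshot of the current dependencies."""
    deps = defaultdict(set)
    for caller, callee, ts in interactions:
        if t_now - window <= ts <= t_now:
            deps[caller].add(callee)
    return dict(deps)

if __name__ == "__main__":
    obs = [("client", "auth", 95), ("auth", "db", 96),
           ("client", "search", 40)]          # stale: outside the window
    print(dependence_snapshot(obs, t_now=100, window=10))
    # {'client': {'auth'}, 'auth': {'db'}}
```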
Xenofon Foukas, Antonio Carzaniga, and Alexander L. Wolf
Mixing time is a global property of a network that indicates
how fast a random walk gains independence from its starting point.
Mixing time is an essential parameter for many distributed
algorithms, but especially those based on gossip. We design,
implement, and evaluate a distributed protocol to measure mixing
time. The protocol extends an existing algorithm that models the
diffusion of information seen from each node in the network as the
impulse response of a particular dynamic system. In its original
formulation, the algorithm was susceptible to topology changes (or
"churn") and was evaluated only in simulation. Here we present a
concrete implementation of an enhanced version of the algorithm that
exploits multiple parallel runs to obtain a robust measurement, and
evaluate it using a network testbed (Emulab) in combination with a
peer-to-peer system (FreePastry) to assess both its performance and
its ability to deal with network churn.
IEEE
Conference on Computer Communications,
Hong Kong, China, April 2015, pp. 2749-2757.
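For readers unfamiliar with the property being measured, the following centralized sketch computes mixing time directly from its definition: the number of steps until the walk's distribution is within epsilon of the stationary distribution in total variation distance. The paper's contribution is a distributed, churn-tolerant protocol for estimating this quantity; the code below is only the textbook baseline, with the transition matrix chosen for illustration.

```python
# Hypothetical centralized baseline for mixing time: iterate the random
# walk's distribution until it is within epsilon of the stationary
# distribution in total variation distance. Not the distributed protocol.

def mixing_time(transition, start, epsilon=0.25, max_steps=10_000):
    n = len(transition)
    # For a doubly stochastic transition matrix (as in the example below)
    # the stationary distribution is uniform.
    stationary = [1.0 / n] * n
    dist = [0.0] * n
    dist[start] = 1.0
    for step in range(1, max_steps + 1):
        dist = [sum(dist[i] * transition[i][j] for i in range(n))
                for j in range(n)]
        tv = 0.5 * sum(abs(dist[j] - stationary[j]) for j in range(n))
        if tv < epsilon:
            return step
    return None

if __name__ == "__main__":
    # Lazy random walk on a 4-cycle (stay in place with probability 1/2).
    P = [[0.5, 0.25, 0.0, 0.25],
         [0.25, 0.5, 0.25, 0.0],
         [0.0, 0.25, 0.5, 0.25],
         [0.25, 0.0, 0.25, 0.5]]
    print(mixing_time(P, start=0))   # 2 for this small graph
```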
Luo Mai, Lukas Rupprecht, Abdul Alim, Paolo Costa, Matteo Migliavacca,
Peter Pietzuch, and Alexander L. Wolf
Middleboxes have become pervasive in data centre
networks. While various functions, such as firewalling,
load-balancing and routing, are already benefiting from consolidation
onto generic and programmable middlebox platforms, existing platforms
are restricted to application-independent network
functions. We argue that this limited view of middlebox functionality
misses opportunities for improving the performance of network-bound
distributed applications.
Instead, we explore the use of middleboxes for offering
functions that take application semantics into account. We describe
NetAgg, a software-based middlebox platform for
application-specific on-path aggregation of network flows to
improve application performance. Aggregation middleboxes (agg
boxes) residing in the network topology serve to aggregate flows
according to functions provided by applications. This alleviates
network hotspots because only a fraction of the aggregatable traffic
is forwarded by each agg box. To minimise application changes, NetAgg
uses shim layers on edge servers to redirect traffic to the
agg boxes. Our experiments show that NetAgg can substantially improve
the throughput of both online (Apache Solr) and batch (Apache Hadoop)
applications, with only a modest investment cost.
10th
International Conference on Emerging Networking Experiments and
Technologies, Sydney, Australia, December 2014, pp. 249-262.
Michele Papalini, Antonio Carzaniga, Koorosh Khazaei, and Alexander L. Wolf
Routing in information-centric networking remains an open
problem. The main issue is scalability. Traditional IP routing can
be used with name prefixes, but it is believed that the number of
prefixes will grow too large. A related problem is the use of
per-packet in-network state (to cut loops and return data to
consumers). We develop a routing scheme that solves these problems.
The service model of our information-centric network supports
information pull and push using tag sets as information descriptors.
Within this service model, we propose a routing scheme that supports
forwarding along multiple loop-free paths, aggregates addresses for
scalability, does not require per-packet network state, and leads to
near-optimal paths on average. We evaluate the scalability of our
routing scheme, both in terms of memory and computational complexity,
on the full Internet AS-level topology and on the internal networks
of representative ASes using realistic distributions of content and
users extrapolated from traces of popular applications. For example,
a population of 500 million users requires a routing information base
of 3.8GB with an almost flat growth and, in this case, a routing
update (one content descriptor) can be processed in 2ms on commodity
hardware. We conclude that information-centric networking is
feasible, even with (or perhaps thanks to) addresses consisting of
expressive content descriptors.
1st ACM SIGCOMM
Conference on Information-Centric Networking, Paris, France, September
2014, pp. 17-26.
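The following sketch illustrates tag-set descriptors at the forwarding level: a message matches an interface if that interface has announced at least one tag set contained in the message's descriptor. The table contents and matching policy are simplifications invented for illustration; they are not the routing scheme or the compact forwarding data structures evaluated in the paper.

```python
# Hypothetical tag-set forwarding: a descriptor (a set of tags) matches an
# interface whose table holds a tag set that is a subset of the descriptor.
# Illustrative semantics only, not the paper's routing scheme.

def next_hops(descriptor, fib):
    """descriptor: set of tags on the packet.
    fib: interface -> list of tag sets announced through that interface."""
    return [iface for iface, predicates in fib.items()
            if any(pred <= descriptor for pred in predicates)]

if __name__ == "__main__":
    fib = {
        "if0": [{"weather", "storm"}],            # push subscribers
        "if1": [{"music", "beethoven"}],          # content publishers
        "if2": [{"weather"}, {"news", "sports"}],
    }
    print(next_hops({"weather", "storm", "area:44"}, fib))  # ['if0', 'if2']
```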
Antonio Carzaniga, Koorosh Khazaei, Michele Papalini, and Alexander L. Wolf
We have argued that an information-centric
network should natively
support publish/subscribe event notification in addition to on-demand
content delivery. We have also argued that both primitives could use
the same forwarding information base and, furthermore, that both
primitives can easily support addresses that are more expressive than
simple hierarchical names. In this paper we present a concrete
routing scheme that realizes this: "push" as well as "pull"
communication; anycast as well as multicast; and descriptor-based (as
opposed to name-based) addressing. The scheme is founded on multiple
tree covers that can be arranged and composed hierarchically following
the structure of network domains. On each tree, the scheme combines
addresses so as to reduce forwarding state. We demonstrate the
feasibility and scalability of the scheme through simulations on
Internet-scale workloads in realistic network settings.
ACM SIGCOMM Workshop
on Information-Centric Networking, Hong Kong, China,
August 2013, pp. 3-8.
Luo Mai, Lukas Rupprecht, Paolo Costa, Matteo Migliavacca,
Peter Pietzuch, and Alexander L. Wolf
Modern data centers (DCs) host a range of distributed applications
that handle large amounts of data and high numbers of concurrent
requests through "scale out" -- computation is executed in a parallel
fashion by distributing data across a large number of
machines. Typically, such applications operate on the data following
a partition/aggregate paradigm: In the partition phase, a
master node partitions a job into sub-tasks that are scheduled on
different worker nodes for concurrent execution. Each worker operates
on a subset of data and generates partial results locally. In the
aggregate phase, the partial results generated by the mappers are
collected and aggregated by one or more reducers.
During the aggregation phase a large number of many-to-few network
flows are generated. This traffic pattern is hard to support with
traditional infrastructures due to network over-subscription in the
core and the limited bandwidth available at the end host. Recently,
triggered by the availability of multi-core CPUs at low cost, there
has been a renewed interest in software-based routers, which replace
the traditional operations of switches and routers with custom
software implementations.
We argue that the flexibility provided by these implementations should
be offered to tenants to implement part of the application logic in
the network. We refer to this approach as
Network-as-a-Service (NaaS) because it exposes networking as a
service to the application to improve network usage and thus mitigate
bandwidth scarcity by permitting in-network processing of data.
2013 Conference
on Applications, Technologies, Architectures, and Protocols for Computer
Communication (SIGCOMM 2013 Poster), Hong Kong, China,
August 2013, pp. 519-520.
Petr Novotny, Alexander L. Wolf, and Bong Jun Ko
The combination of service-oriented
applications, with their run-time
service binding, and mobile ad hoc networks, with their transient
communication topologies, brings a new level of complex dynamism to
the structure and behavior of software systems. This complexity
challenges our ability to understand the dependence relationships
among system components when performing analyses such as fault
localization and impact analysis. Current methods of dynamic
dependence discovery, developed for use in fixed networks, assume that
dependencies change slowly. Moreover, they require relatively long
monitoring periods as well as substantial memory and communication
resources, which are impractical in the mobile ad hoc network
environment. We describe a new method, designed specifically for this
environment, that allows the engineer to trade accuracy against cost,
yielding dynamic snapshots of dependence relationships. We evaluate
our method in terms of the accuracy of the discovered dependencies.
IFIP/IEEE
International Symposium on Integrated Network Management, Ghent, Belgium,
May 2013, pp. 527-533.
A later version
appears here.
Petr Novotny, Alexander L. Wolf, and Bong Jun Ko
Fault localization in general refers to a
technique for identifying
the likely root causes of failures observed in systems formed from
components. Fault localization in systems deployed on mobile ad hoc
networks (MANETs) is a particularly challenging task because those
systems are subject to a wider variety and higher incidence of faults
than those deployed in fixed networks, the resources available to
track fault symptoms are severely limited, and many of the sources of
faults in MANETs are by their nature transient. We present a method
for localizing the faults occurring in service-based systems hosted on
MANETs. The method is based on the use of dependence data that are
discovered dynamically through decentralized observations of service
interactions. We employ both Bayesian and timing-based reasoning
techniques to analyze the data in the context of a specific fault
propagation model, deriving a ranked list of candidate fault
locations. We present the results of an extensive set of experiments
exploring a wide range of operational conditions to evaluate the
accuracy of our method.
31st International Symposium on Reliable Distributed Systems, Irvine, California, October 2012, pp. 243-248.
A later version
appears here.
Paolo Costa, Matteo Migliavacca, Peter Pietzuch, and Alexander L. Wolf
Cloud computing realises the vision of
utility
computing. Tenants can benefit from on-demand provisioning
of computational resources according to a pay-per-use
model and can outsource hardware purchases and maintenance. Tenants,
however, have only limited visibility
and control over network resources and even for simple
tasks tenants must resort to inefficient overlay networks.
To address these shortcomings, we propose
Network-as-a-Service (NaaS), a paradigm that integrates current
cloud computing offerings with direct yet secure access
to the network infrastructure by tenants. NaaS-enabled
tenants can easily deploy custom routing and multicast
protocols. Further, by modifying the content of packets on-path,
they can efficiently implement advanced network services, such as
in-network data aggregation, redundancy elimination and smart caching.
We discuss applications that can benefit from NaaS,
motivate the functionality required by NaaS, and sketch
a possible implementation and programming model that
can be supported by current technology. Our initial simulation study
suggests that, even with limited processing
capability at network switches, NaaS can significantly increase
application throughput and reduce network traffic.
2nd USENIX Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services, San Jose, California, April 2012.
Athanasios Konstantinidis, Antonio Carzaniga, and Alexander L. Wolf
An important concern in the design of a
publish/subscribe system is its expressiveness, which is the ability to
represent various types of information in publications and to precisely
select information of interest through subscriptions. We present an
enhancement to existing content-based publish/subscribe systems with
support for a 2D spatial data type and eight associated relational
operators, including those to reveal overlap, containment, touching,
and disjointedness between regions of irregular shape. We describe an
algorithm for evaluating spatial relations that is founded on a new
dynamic discretization method and region-intersection model. In order
to make the data type practical for large-scale applications, we
provide an indexing structure for accessing spatial constraints and
develop a simplification method for eliminating redundant constraints.
Finally, we present the results of experiments evaluating the
effectiveness and scalability of our approach.
ACM/IFIP/USENIX 12th International Middleware Conference, Lisbon, Portugal, December 2011, Lecture Notes in Computer Science 7049, Springer-Verlag, pp. 208-227.
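As a simplified illustration of evaluating spatial relations during content-based matching, the sketch below checks two of the eight relations (overlap and containment) on axis-aligned bounding boxes. The paper's approach handles irregularly shaped regions via dynamic discretization and a region-intersection model, which this toy does not reproduce; the subscription format is an assumption for the example.

```python
# Hypothetical evaluation of two spatial relations (overlap, containment)
# on axis-aligned bounding boxes; a simplification for illustration only.
from dataclasses import dataclass

@dataclass(frozen=True)
class Box:
    xmin: float
    ymin: float
    xmax: float
    ymax: float

def overlaps(a: Box, b: Box) -> bool:
    return (a.xmin <= b.xmax and b.xmin <= a.xmax and
            a.ymin <= b.ymax and b.ymin <= a.ymax)

def contains(outer: Box, inner: Box) -> bool:
    return (outer.xmin <= inner.xmin and inner.xmax <= outer.xmax and
            outer.ymin <= inner.ymin and inner.ymax <= outer.ymax)

def matching_subscriptions(event_region: Box, subscriptions):
    """subscriptions: list of (subscriber, operator, region)."""
    ops = {"overlaps": overlaps, "contains": contains}
    return [sub for sub, op, region in subscriptions
            if ops[op](region, event_region)]

if __name__ == "__main__":
    subs = [("s1", "overlaps", Box(0, 0, 10, 10)),
            ("s2", "contains", Box(0, 0, 100, 100)),
            ("s3", "overlaps", Box(50, 50, 60, 60))]
    print(matching_subscriptions(Box(5, 5, 20, 20), subs))  # ['s1', 's2']
```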
Jessica Diaz, Jennifer Perez, Juan Garbajosa, and Alexander L. Wolf
Variability is a means for evolution of
component-based architectures, driving flexible and adaptive
architectures. In recent years, researchers have emphasized the need
for documenting architectural knowledge to maintain and evolve
software, i.e., the need for documenting not only the design of the
solution, but also the decisions driving the design and their
rationale. However, few approaches document the architectural
knowledge behind variability, known as variability design
rationale. This paper presents the process for documenting variability
design rationale of flexible and adaptive architectures alongside
their architectural description. This process is supported by the
metamodels Flexible-PLA and Product-Line
Architectural Knowledge, which define the modeling primitives to
completely describe the structure of product-line architectures and to
document variability design rationale, respectively. The FPLA tool
implements these modeling primitives, supporting the specification of
architectural models ready to be used in a model-driven
development process. The approach is illustrated with an example.
Second
International Workshop on Variability, Adaptation and Dynamism in
Software Systems and Services, Hersonissos, Crete, Greece,
October 2011, Lecture Notes in Computer Science 7046, Springer-Verlag,
pp. 612-621.
Jessica Diaz, Jennifer Perez, Juan Garbajosa, and Alexander L. Wolf
Change impact analysis is fundamental in
software evolution, since it allows one to determine potential effects
upon a system resulting from changing requirements. While prior work
has generically considered change impact analysis at the architectural
level, there is a distinct lack of support for the kinds of
architectures used to realize software product lines, so-called
product-line architectures (PLAs). In particular, prior approaches do
not account for variability, a
specific characteristic of software product lines. This paper presents
a new technique for change impact analysis that targets product-line
architectures. We propose to join a
traceability-based algorithm and a rule-based inference engine to
effectively traverse modeling artifacts that account for variability.
In contrast to prior approaches, our technique supports the mechanisms
for (i) specifying variability in PLAs, (ii) documenting PLA knowledge,
and (iii) tracing variability between requirements and PLAs. We
demonstrate our technique by applying it to the analysis of
requirements changes in the product-line architecture of a banking
system.
5th European Conference on Software Architecture, Essen, Germany, September 2011, Lecture Notes in Computer Science 6903, Springer-Verlag, pp. 114-129.
Antonio Carzaniga, Michele Papalini, and
Alexander L. Wolf
On-line information comes in different forms
and is accessed in different ways and for different purposes. For
example, a recording of Beethoven’s Ninth Symphony differs from a storm
warning from the local weather service. Beethoven’s Ninth is a large
media file with perpetual validity that is typically accessed on demand
by users. By contrast, a storm warning is a small ephemeral message
typically pushed by the weather service to all users in a specific
geographic area. We argue that both should and would be well supported
by an information-centric network. More specifically we argue three
points. First, modern applications, reflecting the nature of human
communications, use and transmit large and long-lived files as well as
small ephemeral messages. Second, accessing those two types of
information involves significantly different operations within the
network. Third, despite their differences, both types of information
would benefit from an addressing scheme based on content rather than on
more or less flat identifiers, which means that both should be
integrated to some extent within a unified content-based routing
infrastructure.
ACM SIGCOMM Workshop on Information-Centric Networking, Toronto, Canada, August 2011, pp. 81-86.
Cristian Cadar, Peter Pietzuch, and
Alexander L. Wolf
New technologies have recently emerged to
challenge the very nature of computing: multicore processors,
virtualized operating systems and networks, and data-center clouds. One
can view these technologies as forming levels within a new, global
computing platform. We aim to open a new area of research, called multiplicity
computing, that takes a radically different approach to the
engineering of applications for this platform. Unlike other efforts,
which are largely focused on innovations within specific levels,
multiplicity computing embraces the platform as a virtually unlimited
space of essentially redundant resources. This space is formed as a
whole from the cross product of resources available at each level in
the platform, offering a "multiplicity" of end-to-end resources. We
seek to discover fundamentally new ways of exploiting the combinatorial
multiplicity of computational, communication, and storage resources to
obtain scalable applications exhibiting improved quality,
dependability, and security that are both predictable and measurable.
FSE/SDP Workshop on the Future of Software Engineering Research, Santa Fe, New Mexico, November 2010, pp. 81-86.
Antonio Carzaniga, Giovanni Denaro, Mauro Pezze, Jacky Estublier, and
Alexander L. Wolf
Modern
societies are pervaded by computerized, heterogeneous devices designed
for specific purposes, but also more and more often capable of
interacting with other devices for entirely different purposes. For
example, a cell phone could be used to purchase a train ticket on-line
that could later be printed by a vending machine at the train station.
This type of open environment is what we call a society of digital
systems. In this paper, we outline the characteristics of societies of
digital systems, and argue that they call for a new approach to cope
with unforeseen interactions, possible incompatibilities, failures, and
emergent behaviors. We argue that designers cannot assume a closed or
homogeneous world, and must instead naturally accommodate dynamic
adaptations. Furthermore, self-adaptability, that is, the ability to
adapt autonomically to a changing environment, also poses problems, as
different adaptation strategies may interfere negatively, leading to
unstable behaviors. As an initial concrete contribution to solve this
problem, we propose a method to support the graceful integration of
devices and software systems in an open environment. The method uses
management information, and is specifically centered on the idea of
expressing self-adaptation operations as change sets over the
management information base.
31st International Conference on Software Engineering (ICSE '09) New Ideas and Emerging Results Track, Vancouver, Canada, May 2009, pp. 331-334.
Matthew J. Rutherford, Antonio Carzaniga, and Alexander L. Wolf
Test adequacy
criteria provide the engineer with guidance on how to
populate test suites. While adequacy criteria have long been a focus of
research, existing testing methods do not address many of the
fundamental characteristics of distributed systems, such as
distribution topology, communication failure, and timing. Furthermore,
they do not provide the engineer with a means to evaluate the relative
effectiveness of different criteria, nor the relative effectiveness of
adequate test suites satisfying a given criterion. This paper makes
three contributions to the development and use of test adequacy
criteria for distributed systems: (1) a testing method based on
discrete-event simulations; (2) a fault-based analysis technique for
evaluating test suites and adequacy criteria; and (3) a series of case
studies that validate the method and technique. The testing method uses
a discrete-event simulation as an operational specification of a
system, in which the behavioral effects of distribution are explicitly
represented. Adequacy criteria and test cases are then defined in terms
of this simulation-based specification. The fault-based analysis
involves mutation of the simulation-based specification to provide a
foil against which test suites and the criteria that formed them can be
evaluated. Three distributed systems were used to validate the method
and technique, including DNS, the Domain Name System.
IEEE
Transactions on Software Engineering, vol. 34, no. 4, July/August
2008, pp. 452-470.
Yanyan Wang, Antonio Carzaniga, and Alexander L. Wolf
Experimentation is
an essential tool employed by the developers of
software systems, especially distributed systems. In prior work we
developed a model-driven framework for automating various
experimentation tasks, such as workload generation, and demonstrated
that it gives the engineer a cost-effective means to conduct
large-scale experiments on distributed testbeds. We have enhanced the
methods underlying the framework in four significant ways: (1)
increasing the expressiveness of workloads by allowing for
conditional and reactive behaviors; (2) supporting the repeatability
of experiments through the creation of environment workloads that can
control the operational context; (3) enabling the composability
of application and environment workloads to obtain a broader class of
experiments; and (4) extending the scope
of experiment management to include control over multiple runs. We use
the enhancements to conduct a series of interesting new experiments.
Specifically, the enhancements allow us to manipulate a fixed-wired
testbed so that it simulates a mobile-wireless environment, and to
selectively and maliciously inject faults into a system.
30th International Conference on Software Engineering (ICSE '08), Leipzig, Germany, May 2008, pp. 491-500.
Leon J. Osterweil,
Carlo Ghezzi, Jeff Kramer,
and Alexander L. Wolf
Computer,
vol. 41, no. 3, March 2008,
pp. 39-49.
John Giacomoni, John K. Bennett, Antonio Carzaniga, Douglas C. Sicker,
Manish Vachharajani, and Alexander L. Wolf
This paper presents an alternative: a software network processor (Soft-NP)
framework using commodity general-purpose platforms capable of
high-rate and high-throughput sequential frame processing compatible with
high-level languages and general-purpose operating systems. A
cache-optimized concurrent lock free queue provides the necessary
low-overhead core-to-core communication for sustained sequential frame
processing beyond the realized 1.41 million frames per second (Gigabit
Ethernet) while permitting per-frame processing time expansion with
pipeline parallelism.
3rd ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS '07), Orlando, Florida, December 2007, pp. 27-36.
Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf
The quality of
software systems is determined in part by their optimal
configurations. Optimal configurations are desired when the software is
being deployed and during its lifetime. However, initial deployment and
subsequent dynamic reconfiguration of a software system is difficult
because of the interplay of many interdependent factors, including
cost, time, application state, and system resources. As the size and
complexity of software systems increases, procedures (manual or
automated) that assume a static software architecture and environment
are becoming untenable. We have developed a novel technique for
carrying out the deployment and reconfiguration planning processes that
leverages recent advances in the field of temporal planning. We
describe a tool called Planit, which manages the deployment and
reconfiguration of a software system utilizing a temporal planner.
Given a model of the structure of a software system, the network upon
which the system should be hosted, and a goal configuration, Planit
will use the temporal planner to devise possible deployments of the
system. Given information about changes in the state of the system,
network and a revised goal, Planit will use the temporal planner to
devise possible reconfigurations of the system. We present the results
of a case study in which Planit is applied to a system consisting of
various components that communicate across an application-level overlay
network.
Software Quality
Journal, vol. 15, no. 3, September 2007, pp.
265-281.
Matthew J. Rutherford, Antonio Carzaniga, and Alexander L. Wolf
Developers of
distributed systems routinely construct discrete-event
simulations to help understand and evaluate the behavior of
inter-component protocols. Simulations are abstract models of systems
and their environments, capturing basic algorithmic functionality at
the same time as they focus attention on properties critical to
distribution, including topology, timing, bandwidth, and overall
scalability. We claim that simulations can be treated as a form of
specification, and thereby used within a specification-based testing
regime to provide developers with a rich new basis for defining and
applying system-level test adequacy criteria. We describe a framework
for evaluating distributed system test adequacy criteria, and
demonstrate our approach on simulations and implementations of three
distributed systems, including DNS, the Domain Name System.
14th ACM SIGSOFT
International Symposium on Foundations of
Software Engineering (FSE-14), Portland, Oregon, November 2006,
pp. 231-241.
A later version appears here.
Antonio Carzaniga, Aubrey J. Rembert, and Alexander L. Wolf
Content-based
networking is a message-oriented communication service
in which a message is delivered to all destinations that have declared
a selection predicate matching the content of that message. Analogous
to that of a traditional address-based network, a routing scheme in a
content-based network defines the router-local matching, forwarding,
and header functions that collectively realize the delivery function.
Several such routing schemes have been proposed in the literature, but
they have been evaluated only qualitatively or in simulation. In this
paper we abstract from those previous results in an effort to place
them in a general theoretical framework. This framework allows us to
rigorously define notions of correctness, minimality, and complexity.
In particular, we prove the correctness and characterize the
complexity of two existing content-based routing schemes, propose a
new latency-minimal scheme, and provide the results of a Monte Carlo
simulation that serves as the basis for estimating the space
requirements of any given scheme.
Technical Report
USI-INF-2006-05, Faculty of Informatics,
University of Lugano, Lugano, Switzerland, September 2006.
Cyrus Hall, Antonio Carzaniga, and Alexander L. Wolf
An ideal sensor
network would minimize communication by routing
information only to those nodes requiring the information. We are
exploring the use of a content-based network for this purpose, where
messages containing sensor readings and associated metadata are
relayed from source nodes to destination nodes based solely on the
fact that the destination nodes have expressed interest in specific
message content. This paper contributes a concrete protocol, called
DV/DRP, that implements content-based networking for wireless sensor
networks or other similarly constrained network configurations.
DV/DRP augments a basic distance vector protocol to construct both
primary and alternate routes. DV/DRP also features a new
content-based forwarding technique called dynamic receiver
partitioning. DV/DRP makes minimal assumptions on the underlying
MAC layer. Notably, it uses only a primitive local broadcast, does
not require reliability of the link layer nor the use of
acknowledgments, and explicitly handles asymmetric links. We present
simulations showing that the protocol scales to large networks while
minimizing the resource consumption of individual nodes. We also show
that the protocol is robust with respect to transient and permanent
node failures, as well as asymmetries in wireless links. Finally, to
demonstrate that DV/DRP is suitable for memory-constrained sensor
networks, we discuss a preliminary implementation.
Technical Report
USI-INF-2006-04, Faculty of Informatics,
University of Lugano, Lugano, Switzerland, September 2006.
Flavio Corradini, Paola Inverardi, and Alexander L. Wolf
Software
architecture specifications are predominantly concerned with
describing the component structure of systems and how the components
interact behaviorally. They are increasingly part of standardized
software development processes because they represent a system
abstraction in which design choices relevant to the correctness of the
final system are taken. Therefore, much of software architecture
research has concentrated on specification and analysis, whereas
little attention has been paid to formally relating architectural
specifications to higher levels of specification, such as the system
requirements. In this paper we present our progress toward addressing
an instance of this problem, namely relating state-based software
architecture specifications to high-level functional
specifications. Our approach is to use an intermediate specification
given in terms of a set of temporal logic properties to bridge the gap
between the two levels of specifications. We describe our approach in
the context of a particular case study, the AEGIS GeoServer Simulation
Testbed system, showing how a compact functional specification of a
critical behavioral property of the system can be used to validate
three alternative architectural specifications of that system.
Science of
Computer Programming, vol. 59, no. 3, February 2006,
pp. 171-208.
Yanyan Wang, Matthew J. Rutherford, Antonio Carzaniga, and Alexander L.
Wolf
Engineering
distributed systems is a challenging activity. This is
partly due to the intrinsic complexity of distributed systems, and
partly due to the practical obstacles that developers face when
evaluating and tuning their design and implementation decisions. This
paper addresses the latter aspect, providing techniques for software
engineers to automate the experimentation activity. Our approach is
founded on a suite of models that characterize the distributed system
under experimentation, the testbeds upon which the experiments are to
be carried out, and the client behaviors that drive the experiments.
The models are used by generative techniques to automate construction
of the workloads, as well as construction of the scripts for deploying
and executing the experiments on distributed testbeds. The framework
is not targeted at a specific system or application model, but rather
is a generic, programmable tool. We have validated our approach by
performing experiments on a variety of distributed systems. For two
of these systems, the experiments were deployed and executed on the
PlanetLab wide-area testbed. Our experience shows that this framework
can be readily applied to different kinds of distributed system
architectures, and that using it for meaningful experimentation,
especially in large-scale network environments, is advantageous.
20th IEEE/ACM
International Conference on Automated Software Engineering
(ASE '05), Long Beach, California, November 2005, pp. 164-173.
Leon J. Osterweil, Carlo Ghezzi, Jeff Kramer, and Alexander L. Wolf
This issue of the
ACM Transactions on Software Engineering and
Methodology contains two papers produced under the auspices of the
Impact Project. The Impact Project is a special initiative of the
Association for Computing Machinery (ACM) Special Interest Group on
Software Engineering (SIGSOFT). It is funded in part by the US
National Science Foundation (NSF), the UK Institution of Electrical
Engineers (IEE), and the Japan Electronics and Information Technology
Industries Association (JEITA).
The project's goal
is to determine the impact of software engineering
research upon software engineering practice. This is being pursued by
identifying and documenting research contributions that have had
substantial impact, determining the research modalities that have been
relatively more successful, identifying technology transition
approaches that have worked best, and anticipating directions that
software engineering research might most effectively pursue, based on
its history and positioning. In doing so, the project is also
providing case studies of how a scientific community works, and what
approaches both hamper and improve its effectiveness.
ACM Transactions
on Software Engineering and Methodology,
vol. 14, no. 4, October 2005, pp. 381-382.
Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf
One of the
characteristics of autonomic systems is self recovery from
failures. Self recovery can be achieved through sensing failures,
planning for recovery and executing the recovery plan to bring the
system back to a normal state. For various reasons, however,
additional failures are possible during the process of recovering from
the initial failure. Handling such secondary failures is important
because they can cause the original recovery plan to fail and can
leave the system in a complicated state that is worse than before. In
this paper techniques are identified to preserve consistency while
dealing with such failures that occur during failure recovery.
2005 Workshop on
Design and Evolution of Autonomic Application Software
(DEAS '05), St. Louis, Missouri, May 2005, pp. 9-14.
Matthew J. Rutherford, Antonio Carzaniga, and Alexander L. Wolf
Distributed
software systems are notoriously difficult to test. As in
all software testing, the space of potential test cases for
distributed systems is intractably large and so the efforts of testers
must be directed to the scenarios that are most important.
Unfortunately, there does not currently exist a general-purpose,
disciplined, and effective testing method for distributed systems. In
this paper we present an empirical study of failures experienced by
the users of seven open-source distributed systems. The goal of the
study is to understand the extent to which there are patterns,
commonalities, and correlations in the failure scenarios, such that
one could define an improved testing method for distributed systems.
Our results indicate that: a new generation of test-adequacy criteria
is needed to address the failures that are due to distribution; the
configurations that cause user-reported failures are reasonably
straightforward to identify; and generic failure observations (i.e.,
those for which reusable techniques can be developed) are strongly
correlated to the distributed nature of system failures. The second
two results in particular imply that there is a reasonable bound on
the effort required to organize the testing activity. Overall, the
study gives us some early confidence that it is feasible to consider a
testing method that targets distributed systems. The results of this
study are offered as a basis for future work on the definition of such
a method.
Technical Report
CU-CS-994-05, Department of Computer Science,
University of Colorado, Boulder, Colorado, April 2005.
Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf
Failure recovery in
distributed systems poses a difficult challenge
because of the requirement for high availability. Failure scenarios
are usually unpredictable and cannot easily be foreseen. In this
research we propose a planning based approach to failure
recovery. This approach automates failure recovery by capturing the
state after failure, defining an acceptable recovered state as a goal
and applying planning to get from the initial state to the goal
state. By using planning, this approach can recover from a variety of
failed states and reach any of several acceptable states: from minimal
functionality to complete recovery.
2004 Workshop on
Self-Managed Systems (WOSS '04), Newport Beach, California,
October 2004, pp. 8-12.
Nathan D. Ryan and Alexander L. Wolf
All systems built
from distributed components involve the use of one
or more protocols for inter-component communication. Whether these
protocols are based on a broadly used "standard" or are specially
designed for a particular application, they are likely to evolve. The
goal of the work described here is to contribute techniques that can
support protocol evolution. We are concerned not with how or
why a protocol might evolve, or even whether that evolution is in some
sense correct. Rather, our concern is with making it possible for
applications to accommodate protocol changes dynamically. Our approach
is based on a method for isolating the syntactic details of a protocol
from the semantic concepts manipulated within components. Protocol
syntax is formally specified in terms of tokens, message structures,
and message sequences. Event-based translation techniques are used in
a novel way to present to the application the semantic concepts
embodied by these syntactic elements. We illustrate our approach by
showing how it would support an HTTP 1.1 client interacting with an
HTTP 1.0 server.
26th
International Conference on Software Engineering, Edinburgh,
Scotland, May 2004, pp. 408-417.
Jonathan E. Cook, Zhidian Du, Chongbing Liu, and Alexander L. Wolf
Understanding the
dynamic behavior of a workflow is crucial for being
able to modify, maintain, and improve it. A particularly difficult
aspect of some behavior is concurrency. Automated techniques which
seek to mine workflow data logs to discover information about the
workflows must be able to handle the concurrency that manifests itself
in the workflow executions. This paper presents techniques to discover
patterns of concurrent behavior from traces of workflow events. The
techniques are based on a probabilistic analysis of the event
traces. Using metrics for the number, frequency, and regularity of
event occurrences, a determination is made of the likely concurrent
behavior being manifested by the system. Discovering this behavior can
help a workflow designer better understand and improve the work
processes they are managing.
Computers in
Industry, vol. 53, April 2004, pp. 297-319.
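A tiny illustration of one signal that can suggest concurrency in event traces: if two event types are observed in both orders with comparable frequency, they are more likely concurrent than sequentially dependent. The counting scheme and threshold below are invented for the example and are a simplification of the probabilistic metrics described in the article.

```python
# Hypothetical concurrency signal from event traces: event types seen in
# both orders with comparable frequency are flagged as likely concurrent.
# A simplification for illustration, not the article's analysis.
from collections import Counter
from itertools import combinations

def likely_concurrent(traces, balance=0.3):
    order = Counter()
    for trace in traces:
        seen = []
        for event in trace:
            for earlier in seen:
                if earlier != event:
                    order[(earlier, event)] += 1
            seen.append(event)
    pairs = set()
    events = {e for t in traces for e in t}
    for a, b in combinations(events, 2):
        ab, ba = order[(a, b)], order[(b, a)]
        total = ab + ba
        if total and min(ab, ba) / total >= balance:
            pairs.add(tuple(sorted((a, b))))
    return pairs

if __name__ == "__main__":
    traces = [["start", "review", "approve", "end"],
              ["start", "approve", "review", "end"]]
    print(likely_concurrent(traces))  # {('approve', 'review')}
```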
Antonio Carzaniga, Matthew J. Rutherford, and Alexander L. Wolf
This paper proposes
a routing scheme for content-based networking. A
content-based network is a communication network that features a new
advanced communication model where messages are not given explicit
destination addresses, and where the destinations of a message are
determined by matching the content of the message against selection
predicates declared by nodes. Routing in a content-based network
amounts to propagating predicates and the necessary topological
information in order to maintain loop-free and possibly minimal
forwarding paths for messages. The routing scheme we propose uses a
combination of a traditional broadcast protocol and a content-based
routing protocol. We present the combined scheme and its requirements
over the broadcast protocol. We then detail the content-based routing
protocol, highlighting a set of optimization heuristics. We also
present the results of our evaluation, showing that this routing
scheme is effective and scalable.
2004 IEEE
Conference on Computer Communications, Hong Kong, China, March 2004,
pp. 918-928.
Kenneth Anderson, Antonio Carzaniga, Dennis Heimbigner, and Alexander
L. Wolf
In this report we
describe a uniquely decentralized event-based system
for online and offline tracking, analysis, and control of electronic
document transactions in order to detect suspected insider misuse of
those documents. Our system is focused on the problem of tracking and
analyzing users' actions with respect to documents. On the user
side, the proposed system will support the placing of document sensors
into a heterogeneous collection of document editors (e.g., Microsoft
Office) and browsers, including Web browsers. The system will provide
a low entry barrier with respect to integrating new user-side
tools. On the administrative side, the proposed system will support a
dynamically changing set of online and offline analysis and control
programs capable of providing such diverse capabilities as
visualization, persistence, forensics, access control validation, and
slicing of document access patterns based on, for example, user,
document, transaction type, or time-line. The system as a whole
will be portable, which we will demonstrate by providing integration
of tools under both Linux and Windows.
Technical Report
CU-CS-968-04, Department of Computer Science,
University of Colorado, Boulder, Colorado, February 2004.
Mauro Caporuscio, Antonio Carzaniga, and Alexander L. Wolf
This paper presents
the design and evaluation of a support service for
mobile, wireless clients of a distributed publish/subscribe system. A
distributed publish/subscribe system is a networked communication
infrastructure where messages are published by senders and then
delivered to the receivers whose subscriptions match the messages.
Communication therefore does not involve the use of explicit
addresses, but rather emerges from the dynamic arrangement of
publishers and subscribers. Such a communication mechanism is an
ideal platform for a variety of internet applications, including
multi-party messaging, personal information management, information
sharing, on-line news distribution, service discovery, and electronic
auctions. Our goal is to support such applications on mobile,
wireless host devices in such a way that the applications can, if they
choose, be oblivious to the mobility and intermittent connectivity of
their hosts as they move from one publish/subscribe access point to
another. In this paper we describe a generic, value-added service
that can be used in conjunction with publish/subscribe systems to
achieve these goals. We detail the implementation of the service and
present the results of our evaluation of the service in both wireline
and emulated wireless environments.
IEEE
Transactions on Software Engineering, vol. 29, no. 12,
December 2003, pp. 1059-1071.
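The following Python sketch (with hypothetical names, not the paper's implementation) illustrates the kind of value-added mobility service described: a proxy holds matching notifications for a disconnected client and replays them when the client reattaches, possibly at another access point.
```python
# Sketch of a mobility service for publish/subscribe clients: while a client
# is away from its access point, a proxy holds matching notifications; on
# reconnection the buffered notifications are handed back. Class and method
# names are illustrative only.

class MobilityProxy:
    def __init__(self):
        self.buffers = {}          # client id -> list of held notifications
        self.subscriptions = {}    # client id -> predicate (a callable)

    def move_out(self, client, predicate):
        """Client announces departure; proxy subscribes on its behalf."""
        self.subscriptions[client] = predicate
        self.buffers[client] = []

    def notify(self, notification):
        """Called by the publish/subscribe service for each notification."""
        for client, predicate in self.subscriptions.items():
            if predicate(notification):
                self.buffers[client].append(notification)

    def move_in(self, client):
        """Client reconnects (possibly elsewhere); the proxy hands back
        everything it held and drops the temporary state."""
        held = self.buffers.pop(client, [])
        self.subscriptions.pop(client, None)
        return held

proxy = MobilityProxy()
proxy.move_out("laptop-1", lambda n: n.get("topic") == "news")
proxy.notify({"topic": "news", "body": "headline"})
proxy.notify({"topic": "sports"})
print(proxy.move_in("laptop-1"))   # [{'topic': 'news', 'body': 'headline'}]
```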
Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf
Initial deployment
and subsequent dynamic reconfiguration of a
software system are difficult because of the interplay of many
interdependent factors, including cost, time, application state, and
system resources. As the size and complexity of software systems
increase, procedures (manual or automated) that assume a static
software architecture and environment are becoming untenable. We have
developed a novel technique for carrying out the deployment and
reconfiguration planning processes that leverages recent advances in
the field of temporal planning. We describe a tool called Planit,
which manages the deployment and reconfiguration of a software system
utilizing a temporal planner. Given a model of the structure of a
software system, the network upon which the system should be hosted,
and a goal configuration, Planit will use the temporal planner to
devise possible deployments of the system. Given information about
changes in the state of the system and network, and a revised goal, Planit
will use the temporal planner to devise possible reconfigurations of
the system. We present the results of a case study in which Planit is
applied to a system consisting of various components that communicate
across an application-level overlay network.
15th
International Conference on Tools with Artificial Intelligence
(ICTAI '03), Sacramento, California, November 2003, pp. 39-46. A later version
appears here.
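To make the planning inputs concrete, here is a hypothetical sketch of the kind of deployment problem Planit hands to a temporal planner: components with resource demands and dependencies to be placed on hosts of limited capacity. The greedy placement shown only illustrates the shape of the problem; it is not the temporal planner the paper uses.
```python
# Illustrative sketch of a deployment problem: components with resource
# demands and dependencies must be placed on hosts with limited capacity.
# The greedy placement below is NOT Planit's temporal planner; it only makes
# the problem's inputs and a resulting plan concrete. All data is hypothetical.

components = {
    "db":  {"mem": 4, "deps": []},
    "app": {"mem": 2, "deps": ["db"]},
    "ui":  {"mem": 1, "deps": ["app"]},
}
hosts = {"h1": {"mem": 5}, "h2": {"mem": 3}}
goal = ["db", "app", "ui"]                      # everything must be deployed

def naive_plan(components, hosts, goal):
    free = {h: hosts[h]["mem"] for h in hosts}
    placed, plan = {}, []
    for comp in goal:                           # goal is dependency-ordered
        if any(d not in placed for d in components[comp]["deps"]):
            raise ValueError(f"dependencies of {comp} not yet placed")
        host = next((h for h in free if free[h] >= components[comp]["mem"]),
                    None)
        if host is None:
            raise ValueError(f"no host can fit {comp}")
        free[host] -= components[comp]["mem"]
        placed[comp] = host
        plan.append(("install", comp, host))
        plan.append(("start", comp, host))
    return plan

print(naive_plan(components, hosts, goal))
```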
Matthew J. Rutherford and Alexander L. Wolf
A primary goal of
generative programming and model-driven development
is to raise the level of abstraction at which designers and developers
interact with the software systems they are building. During initial
development, the benefits of abstraction are clear. However, during
testing and maintenance, increased distance from the implementation
can be a disadvantage. We view test cases and test harnesses as an
essential bridge between the high-level specifications and the
implementation. As such, the generation of test cases for fully
generated components and test harnesses for partially generated
components is of fundamental importance to model-driven systems. In
this paper we present our experience with test-case and test-harness
generation for a family of model-driven, component-based distributed
systems. We describe our development tool, MODEST, and motivate our
decision to invest the extra effort needed to generate test code. We
present our approach to test-case and test-harness generation and
describe the benefits to developers and maintainers of generated
systems. Furthermore, we quantify the relative cost of generating test
code versus application code and find that the artifact templates for
producing test code are simpler than those used for application
code. Given the described benefits to developers and maintainers and
the relatively low cost of test-code development, we argue that
test-code generation should be a fundamental feature of model-driven
development efforts.
Second
International Conference on Generative Programming and
Component Engineering (GPCE '03), Lecture Notes in Computer
Science 2830, Springer-Verlag, Berlin, 2003, pp. 377-396.
Judith A. Stafford, Alexander L. Wolf, and Mauro Caporuscio
As the focus of
software design shifts increasingly toward the
architectural level, so too do its analysis techniques. Dependence
analysis is one such technique that shows promise at this level. In
this paper we briefly describe and illustrate the application of
dependence analysis to architectural descriptions of software systems.
Formal Methods
for Software Architectures: Third International School
on Formal Methods for the Design of Computer, Communication and
Software Systems, Lecture Notes in Computer Science 2804,
Springer-Verlag, Berlin, 2003, pp. 52-62.
Antonio Carzaniga and Alexander L. Wolf
This paper presents
an algorithm for content-based forwarding, an
essential function in content-based networking. Unlike in traditional
address-based unicast or multicast networks, where messages are given
explicit destination addresses, the movement of messages through a
content-based network is driven by predicates applied to the content
of the messages. Forwarding in such a network amounts to evaluating
the predicates stored in a router's forwarding table in order to
decide to which neighbor routers the message should be sent. We are
interested in finding a forwarding algorithm that can make this
decision as quickly as possible in situations where there are
numerous, complex predicates and high volumes of messages. We present
such an algorithm and give the results of studies evaluating its
performance.
2003 Conference
on Applications, Technologies, Architectures, and
Protocols for Computer Communication, Karlsruhe,
Germany, August 2003, pp. 163-174.
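The sketch below shows the straightforward, unoptimized form of content-based forwarding: a forwarding table maps each interface to a predicate, and the message is sent on every interface whose predicate matches its content. The paper's algorithm adds optimizations not reproduced here, and the table contents are hypothetical.
```python
# Straightforward (unoptimized) content-based forwarding: the forwarding
# table maps each neighbor interface to a predicate, and a message is sent
# on every interface whose predicate matches. The paper's algorithm adds
# counting and short-circuiting optimizations not shown here.

def filter_matches(conjunction, message):
    """A conjunction is a dict attribute -> required value (simplified)."""
    return all(message.get(attr) == value
               for attr, value in conjunction.items())

def forwarding_set(table, message):
    """Return the interfaces whose predicate (a list of conjunctions,
    interpreted as a disjunction) matches the message content."""
    out = set()
    for interface, predicate in table.items():
        if any(filter_matches(conj, message) for conj in predicate):
            out.add(interface)
    return out

table = {
    "if0": [{"class": "stock", "symbol": "ACME"}],
    "if1": [{"class": "stock"}, {"class": "news"}],
    "if2": [{"class": "weather"}],
}
print(sorted(forwarding_set(table, {"class": "stock", "symbol": "ACME"})))
# ['if0', 'if1']
```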
Marco Castaldi, Antonio Carzaniga, Paola Inverardi, and Alexander L.
Wolf
We describe Lira, a
lightweight infrastructure for managing dynamic
reconfiguration that applies and extends the concepts of network
management to component-based, distributed software systems. Lira is
designed to perform both component-level reconfigurations and scalable
application-level reconfigurations, the former through agents
associated with individual components and the latter through a
hierarchy of managers. Agents are programmed on a
component-by-component basis to respond to reconfiguration requests
appropriate for that component. Managers embody the logic for
monitoring the state of one or more components, and for determining
when and how to execute reconfiguration activities. A simple protocol
based on SNMP is used for communication among managers and agents.
11th
International Workshop on Software Configuration Management,
Lecture Notes in Computer Science 2649, Springer-Verlag, Berlin,
2003, pp. 231-244.
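The Python sketch below mimics the agent/manager interaction style described, with variables that can be read and set plus reconfiguration actions; the variable and action names are hypothetical, and the actual SNMP-based Lira protocol is not reproduced.
```python
# Sketch of the manager/agent style of dynamic reconfiguration: agents
# expose named variables and reconfiguration actions; a manager polls state
# and triggers actions. Variable and action names are hypothetical.

class ComponentAgent:
    def __init__(self, component):
        self.component = component
        self.vars = {"STATUS": "running", "LOAD": 0.2}

    def get(self, name):
        return self.vars[name]

    def set(self, name, value):
        self.vars[name] = value

    def act(self, action):
        if action == "RESTART":
            self.vars["STATUS"] = "running"
            self.vars["LOAD"] = 0.0
        return "ok"

class Manager:
    def __init__(self, agents):
        self.agents = agents

    def reconfigure_if_overloaded(self, threshold=0.8):
        """Embodies the application-level reconfiguration logic."""
        for name, agent in self.agents.items():
            if agent.get("LOAD") > threshold:
                agent.act("RESTART")

agents = {"frontend": ComponentAgent("frontend")}
agents["frontend"].set("LOAD", 0.95)
Manager(agents).reconfigure_if_overloaded()
print(agents["frontend"].get("LOAD"))   # 0.0
```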
André van der Hoek and Alexander L. Wolf
Software release
management is the process through which software is
made available to and obtained by its users. Until now, this process
has been relatively straightforward. However, the emergence of
component-based software is complicating software release
management. Increasingly, software is constructed via the assembly of
pre-existing, independently produced, and independently released
components. Both developers and users of such software are affected by
these complications. Developers need to accurately document the
complex and changing dependencies among the components constituting
the software. Users must be involved in locating, retrieving, and
assembling components in order to appropriately bring the software
into their particular environment. In this paper, we introduce the
problem of release management for component-based software and discuss
SRM, a prototype software release management tool we have developed
that supports both developers and users in the software release
management process.
Software-Practice
and
Experience, vol. 33, issue 1, January
2003, pp. 77-98.
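One piece of the bookkeeping described, retrieving a component together with all of the components it transitively requires, can be illustrated with a short sketch; the release metadata shown is hypothetical.
```python
# Sketch of the dependency bookkeeping behind component-based release
# management: given release metadata recording direct dependencies, compute
# the full (transitive) set of components a user must retrieve. The metadata
# below is hypothetical.

releases = {
    "editor-2.0": ["spellcheck-1.1", "gui-toolkit-3.4"],
    "spellcheck-1.1": ["dictionary-0.9"],
    "gui-toolkit-3.4": [],
    "dictionary-0.9": [],
}

def retrieval_set(release, metadata):
    """Transitive closure of dependencies, including the release itself."""
    needed, stack = set(), [release]
    while stack:
        current = stack.pop()
        if current in needed:
            continue
        needed.add(current)
        stack.extend(metadata.get(current, []))
    return needed

print(sorted(retrieval_set("editor-2.0", releases)))
```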
Antonio Carzaniga and Alexander L. Wolf
We argue that the
needs of many classes of modern applications,
especially those targeted at mobile or wireless computing, demand the
services of content-based publish/subscribe middleware, and that this
middleware in turn demands a new kind of communication infrastructure
for its proper implementation. We refer to this new communication
infrastructure as content-based networking. The service model
of this network must directly support the interface of an advanced
content-based publish/subscribe middleware service. At the same time,
the implementation must be architected as a true distributed network,
providing appropriate guarantees of reliability, security, and
performance. We do not propose content-based networking as a
replacement for IP, nor do we advocate an implementation of a
publish/subscribe middleware at the network level (i.e., within
routers). Instead, we argue that content-based networking must be
designed according to established networking principles and
techniques. To this end, in this paper, we formulate the foundational
concepts of content-based networking, and relate them to the
corresponding concepts in traditional networking. We also briefly
review our experience with content-based publish/subscribe middleware
and suggest some open research problems in the area of content-based
networking.
NSF Workshop on
an Infrastructure for Mobile and Wireless
Systems, Lecture Notes in Computer Science 2538, Springer-Verlag,
Berlin, 2002, pp. 59-68.
Birgitta König-Ries, Kia Makki, S.A.M. Makki, Charles E. Perkins,
Niki Pissinou, Peter Reiher, Peter Scheuermann, Jari Veijalainen,
Alexander Wolf, and Ouri Wolfson
The recent NSF
Workshop on Infrastructure for Mobile and Wireless
Systems, held on October 15, 2001 in Phoenix, had a goal of defining
and establishing a common infrastructure for the discipline of mobile
wireless networking. This consensus-based paper is the outcome of
that workshop. The paper provides a foundation for implementation,
standardization, and further research and discussion on the issues of
what should constitute such an infrastructure. Workshop participants
came from many different wireless communities, including those of
communications, operating systems, core networking, mobility,
databases, and middleware. The workshop presented various research
directions in the field and included substantial discussion on the
role of an infrastructure for wireless mobile networking and the
desirable components of such an infrastructure.
NSF Workshop on
an Infrastructure for Mobile and Wireless
Systems, Lecture Notes in Computer Science 2538, Springer-Verlag,
Berlin, 2002, pp. 1-37.
Mauro Caporuscio, Antonio Carzaniga, and Alexander L. Wolf
As wireless
technology becomes more available, developers of
distributed applications are becoming more interested in how that
technology affects the performance of their systems. We have developed
a distributed publish/subscribe communication service initially hosted
on the standard wired IP network infrastructure, but would now like to
rehost that service onto a GPRS wireless network. This paper reports
on our experience in attempting to evaluate the performance of the
service using an available emulation environment. Our conclusion from
our experience to date is that current tools do not model the wireless
network at an appropriate level of abstraction. In particular, they do
not allow us to study the integration of individual publish/subscribe
service-layer elements with GPRS network-layer elements, nor do they
allow us to study multiple GPRS clients interacting over the
network. Instead we were limited to results related to the interaction
between an individual GPRS client and the GPRS network modeled as a
monolith.
3rd
International Workshop on Software and Performance, Rome,
Italy, July 2002, pp. 128-133.
Matthew J. Rutherford, Kenneth Anderson, Antonio Carzaniga,
Dennis Heimbigner, and Alexander L. Wolf
Reconfiguration is
the process of applying planned changes to the
communication, interconnection, componentization, or functionality of
a deployed system. It is a powerful tool for achieving a variety of
desirable properties of large-scale, distributed systems, including
evolvability, adaptability, survivability, and continuous
availability. Current approaches to reconfiguration are inadequate:
some allow one to describe a system's range of configurations for a
relatively broad class of system architectures, but do not provide a
mechanism for actually carrying out a reconfiguration; others provide
a mechanism for carrying out certain kinds of limited
reconfigurations, but assume a specialized system architecture in
order to do so. This paper describes our attempt at devising a
reconfiguration mechanism for use with the popular and widely
available Enterprise JavaBean (EJB) component container model. We
describe extensions to the basic services provided by EJB to support
the mechanism, a prototype implementation, and a case study of its
application to a representative component-based distributed system.
IFIP/ACM Working
Conference on Component Deployment, Lecture
Notes in Computer Science 2370, Springer-Verlag, Berlin, 2002,
pp. 67-81.
Dennis Heimbigner and Alexander L. Wolf
Software is
increasingly being constructed using the component-based
paradigm in which software systems are assembled using components from
multiple sources. Moreover, these systems are increasingly dynamic; a
core set of components is assembled and then new functionality is
provided as needed by dynamically inserting additional components.
A newer trend
closely associated with the use of component-based
software is the post-development use of configurable run-time
architecture models describing the structure of the software
system. These models are coming out of the software engineering
community and are being used to manage component-based systems at
deployment and operations time. The key aspect of this trend is that
these models accompany the software system and provide the basis for
defining and executing run-time monitoring and reconfiguration of
these systems.
We believe that
these models have the potential for providing a new
and important source of information that can be exploited to improve
the management of intrusions directed against these software
systems. Our hypothesis is that they can provide a common framework
for integrating and managing all phases of intrusion defenses: phases
including intrusion detection, response, and analysis. We will show
how these models can provide a framework around which to organize
intrusion-related data. We will also show how architecture-driven
reconfiguration can provide improved response, and how inconsistencies
between the models and the actual system state can support
application-level anomaly detection and computer forensics analysis.
Technical Report
CU-CS-929-02, Department of Computer Science,
University of Colorado, Boulder, Colorado, April 2002.
Antonio Carzaniga and Alexander L. Wolf
Building a
distributed publish/subscribe infrastructure amounts to
defining a service model (or interface) and providing an
implementation for it. A typical distributed implementation is
architected as a network of dispatcher components, each one
implementing appropriate protocols and algorithms, that collectively
realize the chosen service model. The service model should provide a
value-added service for a wide variety of applications, while the
implementation should gracefully scale up to handle an intense traffic
of publications and subscriptions. We believe that the design of such
service models and implementations must be guided by a systematic
evaluation method, which in turn must be based on a carefully chosen
benchmark suite. In this paper, we lay out a set of requirements for
a benchmark suite for distributed publish/subscribe services, and we
outline its primary components. The ideas proposed in this paper are
based on our own experience in building and studying publish/subscribe
infrastructures, and on existing evaluation frameworks.
Technical Report
CU-CS-927-02, Department of Computer Science,
University of Colorado, Boulder, Colorado, April 2002.
André van der Hoek, Antonio Carzaniga, Dennis Heimbigner, and
Alexander L. Wolf
Even though the
number and variety of available configuration
management systems have grown rapidly in the past few years, the need
for new configuration management systems still remains. Driving this
need are the emergence of situations requiring highly specialized
solutions, the demand for management of artifacts other than
traditional source code, and the exploration of wholly new research
questions in configuration management. Complicating the picture is
the trend toward organizational structures that involve personnel
working at physically separate sites.
We have developed a
testbed to support the rapid development of
configuration management systems. The testbed separates configuration
management repositories (i.e., the stores for versions of artifacts)
from configuration management policies (i.e., the procedures according
to which the versions are manipulated) by providing a generic model of
a distributed repository and an associated programmatic interface.
Specific configuration management policies are programmed as unique
extensions to the generic interface, while the underlying distributed
repository is reused across different policies. In this paper, we
describe the repository model and its interface, and present our
experience in using a prototype of the testbed, called NUCM, to
implement a variety of configuration management systems.
IEEE
Transactions on Software Engineering, vol. 28, no. 1,
January 2002, pp. 79-99.
Chenxi Wang, Antonio Carzaniga, David Evans, and Alexander L. Wolf
Publish-subscribe
is a communication paradigm that supports dynamic,
many-to-many communications in a distributed environment.
Content-based pub-sub systems are often implemented on a peer-to-peer
infrastructure that enables information dissemination from information
producers (publishers) to consumers (subscribers) through a
subscription mechanism. In a wide-area pub-sub network, the pub-sub
service must handle information dissemination across distinct
authoritative domains, heterogeneous platforms and a large, dynamic
population of publishers and subscribers. Such an environment raises
serious security concerns. In this paper, we investigate the security
issues and requirements that arise in an internet-scale content-based
pub-sub system. We distinguish among those requirements that can be
achieved with current technology and those that require innovative
solutions.
35th Hawaii
International Conference on System Sciences,
Big Island, Hawaii, January 2002.
John Knight, Dennis Heimbigner, Alexander L. Wolf, Antonio Carzaniga,
Jonathan Hill, Premkumar Devanbu, and Michael Gertz
The Willow
architecture is a comprehensive approach to survivability
in critical distributed applications. Survivability is achieved in a
deployed system using a unique combination of (a) fault avoidance by
disabling vulnerable network elements intentionally when a threat is
detected or predicted, (b) fault elimination by replacing system
software elements when faults are discovered, and (c) fault tolerance
by reconfiguring the system if non-maskable damage occurs. The key to
the architecture is a powerful reconfiguration mechanism that is
combined with a general control structure in which network state is
sensed, analyzed, and required changes effected. The architecture can
be used to deploy software functionality enhancements as well as
survivability. Novel aspects include: node configuration control
mechanisms; a workflow system for resolving conflicting
configurations; communications based on wide-area event notification;
tolerance for wide-area, hierarchic, and sequential faults; and
secure, scalable, and delegatable trust models.
Technical Report
CU-CS-926-01, Department of Computer Science,
University of Colorado, Boulder, Colorado, December 2001.
John Knight, Dennis Heimbigner, Alexander L. Wolf,
Antonio Carzaniga, and Jonathan Hill
The Willow
architecture provides a comprehensive architectural
approach to the provision of survivability in critical information
networks. It is based on the notion that survivability of a network
requires reconfiguration at both the system and the application
levels. The Willow notion of reconfiguration is very general, and the
architecture provides reconfiguration mechanisms for both automatic
and manual network control. In this paper we summarize the Willow
concepts and provide an overview of the Willow architecture. Finally
we describe a demonstration application system that has been built on
top of a prototype Willow implementation.
Fourth
Information Survivability Workshop, Vancouver, British
Columbia, October 2001 (postponed to March 2002).
Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf
The components of a
loosely-coupled system are typically designed to
operate by generating and responding to asynchronous events. An
event notification service is an application-independent
infrastructure that supports the construction of event-based systems,
whereby generators of events publish event notifications to the
infrastructure and consumers of events subscribe with the
infrastructure to receive relevant notifications. The two primary
services that should be provided to components by the infrastructure
are notification selection (i.e., determining which notifications
match which subscriptions) and notification delivery (i.e., routing
matching notifications from publishers to subscribers). Numerous
event notification services have been developed for local-area
networks, generally based on a centralized server to select and
deliver event notifications. Therefore, they suffer from an inherent
inability to scale to wide-area networks, such as the Internet, where
the number and physical distribution of the service's clients can
quickly overwhelm a centralized solution. The critical challenge in
the setting of a wide-area network is to maximize the expressiveness
in the selection mechanism without sacrificing scalability in the
delivery mechanism.
This paper presents
Siena, an event notification service that we
have designed and implemented to exhibit both expressiveness and
scalability. We describe the service's interface to applications, the
algorithms used by networks of servers to select and deliver event
notifications, and the strategies used to optimize performance. We
also present results of simulation studies that examine the
scalability and performance of the service.
ACM Transactions
on Computer Systems,
vol. 19, no. 3, August 2001, pp. 332-383.
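A central idea in Siena's routing is the use of covering relations among filters, so that a subscription need not be propagated where a broader one is already in place. The sketch below checks a simple covering relation for equality and inequality constraints; it is a simplification of Siena's data model, not its implementation.
```python
# Sketch of a "covers" check between two simple subscription filters, the
# kind of relation used to avoid propagating a subscription when a broader
# one is already in place. Filters here are dicts mapping an attribute to a
# single (operator, value) constraint -- a simplification of Siena's model.

def constraint_covers(c1, c2):
    """True if every value satisfying c2 also satisfies c1."""
    (op1, v1), (op2, v2) = c1, c2
    if op1 == op2 == "=":
        return v1 == v2
    if op1 == ">" and op2 == ">":
        return v1 <= v2
    if op1 == ">" and op2 == "=":
        return v2 > v1
    if op1 == "<" and op2 == "<":
        return v1 >= v2
    if op1 == "<" and op2 == "=":
        return v2 < v1
    return False

def filter_covers(f1, f2):
    """f1 covers f2 if every attribute f1 constrains is constrained at
    least as tightly by f2 (so every match of f2 is a match of f1)."""
    return all(a in f2 and constraint_covers(f1[a], f2[a]) for a in f1)

broad = {"class": ("=", "stock"), "price": (">", 10)}
narrow = {"class": ("=", "stock"), "price": (">", 100), "symbol": ("=", "ACME")}
print(filter_covers(broad, narrow))   # True: no need to forward `narrow`
print(filter_covers(narrow, broad))   # False
```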
Judith A. Stafford and Alexander L. Wolf
The emergence of
formal software architecture description languages
provides an opportunity to perform analyses at high levels of
abstraction, as well as early in the development process. Previous
research has primarily focused on developing techniques such as
algebraic and transition-system analysis to detect component
mismatches or global behavioral incorrectness. In this paper we
motivate the utility and describe the challenges in developing a
different kind of analysis for use at the architectural level, namely
dependence analysis. Various kinds of dependence analyses have been
used widely at the implementation level to aid program optimization,
anomaly checking, program understanding, testing, and debugging.
However, the languages used for architectural description offer quite
different features than the languages for which traditional dependence
analysis techniques have been developed. We describe our initial
approach to architecture-level dependence analysis and illustrate that
approach through a prototype tool we have built, called Aladdin, to
automatically perform the analysis.
International
Journal of Software Engineering and Knowledge
Engineering, Vol. 11, No. 4, August 2001, pp. 431-452.
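As a simplified stand-in for the chaining analysis (not Aladdin's actual algorithm), the sketch below models dependences among component ports as a directed graph and computes the transitive chain of ports potentially affected by a given port; the port names and edges are hypothetical.
```python
# Simplified stand-in for architecture-level dependence analysis: model
# dependences among component ports as a directed graph and "chain" through
# it to find everything potentially affected by a given port. The port
# names and edges below are hypothetical.

from collections import defaultdict

edges = [                       # (source port, dependent port)
    ("sensor.out", "filter.in"),
    ("filter.out", "logger.in"),
    ("filter.out", "display.in"),
]

forward = defaultdict(set)
for src, dst in edges:
    forward[src].add(dst)
# within a component, assume each "in" port affects that component's "out"
components = {p.split(".")[0] for e in edges for p in e}
for comp in components:
    forward[f"{comp}.in"].add(f"{comp}.out")

def affected_by(port):
    """Transitive chain of ports reachable from `port`."""
    seen, stack = set(), [port]
    while stack:
        p = stack.pop()
        for q in forward.get(p, ()):
            if q not in seen:
                seen.add(q)
                stack.append(q)
    return seen

print(sorted(affected_by("sensor.out")))
# ['display.in', 'display.out', 'filter.in', 'filter.out',
#  'logger.in', 'logger.out']
```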
Alexander L. Wolf, Dennis Heimbigner, John Knight,
Premkumar Devanbu, Michael Gertz, and Antonio Carzaniga
Our national
interests are becoming increasingly dependent on the
continuous, proper functioning of large-scale, heterogeneous, and
decentralized computing enterprises. We are designing a secure,
automated framework for proactive and reactive reconfiguration of
large-scale, heterogeneous, distributed systems so that critical
networked computing enterprises can tolerate intrusions and continue
to provide an acceptable level of service. Proactive reconfiguration
adds, removes, and replaces components and interconnections to cause a
system to assume postures that achieve enterprise-wide intrusion
tolerance goals, such as increased resilience to specific kinds of
attacks or increased preparedness for recovery from specific kinds of
failures. In a complementary fashion, reactive reconfiguration adds,
removes, and replaces components and interconnections to restore the
integrity of a system in bounded time once an intrusion has been
detected and the system is known or suspected to have been
compromised. Our framework consists of two interrelated elements: an
application architecture for designing large-scale, dynamically
reconfigurable systems and a common infrastructure for building
and securely operating those systems.
Third
Information Survivability Workshop, Boston,
Massachusetts, October 2000.
Judith A. Stafford and Alexander L. Wolf
COTS components are
typically viewed as black-boxes; input and output
information is supplied in their interfaces. In this paper we argue
that interfaces provide insufficient information for many analysis
purposes and suggest analysis-related annotations be supplied with
components. We center our discussion on static dependence analysis.
We use an extensible language to annotate components and perform
dependence analysis over these descriptions. We propose that
component annotations be certified, thereby providing a base for
certifiable analysis.
Grace Hopper
Celebration of Women in Computing 2000, Hyannis,
Massachusetts, September 2000.
Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf
This paper
describes the design of Siena, an Internet-scale event
notification middleware service for distributed event-based
applications deployed over wide-area networks. Siena is responsible
for selecting the notifications that are of interest to clients
(as expressed in client subscriptions) and then delivering
those notifications to the clients via access points. The key design
challenge for Siena is maximizing expressiveness in the
selection mechanism without sacrificing scalability of the
delivery mechanism. This paper focuses on those aspects of the design
of Siena that fundamentally impact scalability and expressiveness. In
particular, we describe Siena's data model for notifications, the
covering relations that formally define the semantics of the data
model, the distributed architectures we have studied for Siena's
implementation, and the processing strategies we developed to exploit
the covering relations for optimizing the routing of notifications.
Nineteenth
Annual ACM Symposium on Principles of Distributed
Computing, Portland, Oregon, July 2000, pp. 219-227.
A later version
appears here.
Paola Inverardi, Alexander L. Wolf, and Daniel Yankelevich
A critical
challenge faced by the developer of a software system is to
understand whether the system's components correctly integrate. While
type theory has provided substantial help in detecting and preventing
errors in mismatched static properties, much work remains in the area
of dynamics. In particular, components make assumptions about their
behavioral interaction with other components, but currently we have
only limited ways in which to state those assumptions and to analyze
those assumptions for correctness.
We have formulated
a method that begins to address this problem. The
method operates at the architectural level so that behavioral
integration errors, such as deadlock, can be revealed early and at a
high level. For each component, a specification is given of its
interaction behavior. From this specification, assumptions that the
component makes about the corresponding interaction behavior of the
external context are automatically derived. We have defined an
algorithm that performs compatibility checks between finite
representations of a component's context assumptions and the actual
interaction behaviors of the components with which it is intended to
interact. A configuration of a system is possible if and only if a
successful way of matching actual behaviors with assumptions can be
found. The state-space complexity of this algorithm is significantly
less than that of comparable approaches and, in the worst case, the
time complexity is comparable to the worst case of standard
reachability analysis.
ACM Transactions
on Software Engineering and Methodology,
vol. 9, no. 3, July 2000, pp. 239-272.
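As a much-simplified illustration of this kind of behavioral compatibility check (not the paper's algorithm, which works on derived context assumptions), the sketch below composes two small labeled transition systems by synchronizing on shared actions and reports reachable composite states with no outgoing move.
```python
# Much-simplified illustration of a behavioral compatibility check: two
# components are modeled as labeled transition systems, composed by
# synchronizing on shared actions, and the composite is searched for
# reachable states with no outgoing move. The example models are hypothetical.

def compose_and_find_deadlocks(lts_a, lts_b):
    shared = lts_a["alphabet"] & lts_b["alphabet"]
    start = (lts_a["start"], lts_b["start"])
    seen, stack, deadlocks = {start}, [start], []
    while stack:
        sa, sb = stack.pop()
        moves = []
        for act, ta in lts_a["trans"].get(sa, []):
            if act in shared:           # must synchronize with B
                for act_b, tb in lts_b["trans"].get(sb, []):
                    if act_b == act:
                        moves.append((ta, tb))
            else:                       # A moves independently
                moves.append((ta, sb))
        for act, tb in lts_b["trans"].get(sb, []):
            if act not in shared:       # B moves independently
                moves.append((sa, tb))
        if not moves:
            deadlocks.append((sa, sb))
        for nxt in moves:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return deadlocks

# Hypothetical example: each component waits to receive before it sends,
# so neither can ever proceed -- a classic deadlock at the start state.
a = {"alphabet": {"a2b", "b2a"}, "start": 0,
     "trans": {0: [("a2b", 1)], 1: [("b2a", 2)]}}
b = {"alphabet": {"a2b", "b2a"}, "start": 0,
     "trans": {0: [("b2a", 1)], 1: [("a2b", 2)]}}
print(compose_and_find_deadlocks(a, b))   # [(0, 0)]
```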
Thorna Humphries, Artur Klauser, Alexander L. Wolf, and Benjamin G.
Zorn
Performance
evaluation of persistent object system implementations
requires the use and evaluation of experimental workloads. Such
workloads include a schema describing how the data are related, and
application behaviors that capture how the data are manipulated over
time. In this paper, we describe an infrastructure for generating and
sharing experimental workloads to be used in evaluating the
performance of persistent object system implementations. The
infrastructure consists of a toolkit that aids the analyst in modeling
and instrumenting experimental workloads, and a trace format that
allows the analyst to easily reuse and share the workloads. Our
infrastructure provides the following benefits: the process of
building new experiments for analysis is made easier; experiments to
evaluate the performance of implementations can be conducted and
reproduced with less effort; and pertinent information can be gathered
in a cost-effective manner. We describe the two major components of
this infrastructure, the trace format and the toolkit. We also
describe our experiences using these components to model, instrument,
and experiment with the OO7 benchmark.
Software-Practice
and
Experience, vol. 30, issue 4, 2000,
pp. 387-417.
Francesco Parisi-Presicce and Alexander L. Wolf
Existing software
configuration management systems embody a wide
variety of policies for how artifacts can evolve. New policies
continue to be introduced. Without a clean separation of
configuration management policies from configuration management
mechanisms, it is difficult to understand the policies as well as
difficult to reason about how they relate. We introduce a formal
foundation for specifying configuration management policies by viewing
the policies in terms of graph transformation systems. Not only are
we able to precisely capture the semantics of individual policies, we
can, for the first time, describe formal properties of the
relationship between policies.
Fundamental
Approaches to Software Engineering 2000,
Lecture Notes in Computer Science 1783, Springer-Verlag, Berlin,
2000, pp. 304-318.
Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf
The designers of
communication networks are being challenged by the
emergence of a new class of addressing and routing scheme referred to
as content-based addressing and routing. This new approach
differs from traditional unicast and multicast schemes in that it
performs routing based on the data being transported in a message
rather than on any specialized addressing and routing information
attached to, or otherwise associated with, the message. An example of
an application for content-based addressing and routing is an event
notification service, which is a general-purpose facility for
asynchronously and implicitly conveying information from generators of
events to any and all parties expressing interest in those events. In
order to implement content-based addressing and routing, we can adopt
well-known and successful network architectures and protocols,
provided that we understand how to map the core concepts and
functionalities of content-based addressing and routing onto this
established infrastructure. Toward that end, we have formulated a
general, yet powerful model of addressing and routing that allows us
to formalize the crucial aspects of content-based addressing and
routing in a surprisingly simple manner. Furthermore, it allows us to
treat traditional unicast and multicast addressing and routing
uniformly as instances of this more general model. This paper
presents our model and demonstrates its utility by showing its
application to the design of an existing event notification service.
Technical Report
CU-CS-902-00, Department of Computer Science,
University of Colorado, Boulder, Colorado, January 2000.
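The uniformity claim can be made concrete with a small sketch: unicast and multicast receivers are simply content-based receivers whose predicates test equality on an address attribute or membership in a group. The attribute names used below are hypothetical.
```python
# Sketch of the uniformity claim: unicast and multicast can be expressed as
# special cases of content-based selection, where a receiver's predicate is
# an equality test on an address field or a group-membership test.
# Attribute names ("dst", "group") are hypothetical.

def unicast_predicate(my_address):
    return lambda msg: msg.get("dst") == my_address

def multicast_predicate(my_groups):
    return lambda msg: msg.get("group") in my_groups

def content_predicate(constraints):
    return lambda msg: all(msg.get(a) == v for a, v in constraints.items())

receivers = {
    "host-17": unicast_predicate("host-17"),
    "ops-team": multicast_predicate({"ops", "oncall"}),
    "trader": content_predicate({"class": "stock", "symbol": "ACME"}),
}

def deliver(message):
    return [name for name, pred in receivers.items() if pred(message)]

print(deliver({"dst": "host-17"}))                       # ['host-17']
print(deliver({"group": "oncall"}))                      # ['ops-team']
print(deliver({"class": "stock", "symbol": "ACME"}))     # ['trader']
```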
André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf
Although meant to
be relatively stable, the architecture of a software
system does, at times, change. This simple yet important observation
immediately raises the question of how changes to an architecture
should be captured. Current architecture description languages are
not well-suited for this purpose, but existing techniques from the
discipline of configuration management can be adapted to provide a
solution. In particular, we propose a novel representation, called
configurable software architecture, that extends the
traditional notion of software architecture with the concepts of
variants, options, and evolution. We discuss the details of the
representation, present an environment that allows the specification
of configurable software architectures, and highlight a few of the
opportunities that we believe arise once architectural configurability
can be precisely captured.
Technical Report
CU-CS-895-99, Department of Computer Science,
University of Colorado, Boulder, Colorado, December 1999.
C. Reid Turner, Alfonso Fuggetta, Luigi Lavazza, and Alexander L. Wolf
The gulf between
the user and the developer perspectives leads to
difficulties in producing successful software systems. Users are
focused on the problem domain, where the system's features are the
primary concern. Developers are focused on the solution domain, where
the system's life-cycle artifacts are key. Presently, there is little
understanding of how to narrow this gulf.
This paper argues
for establishing an organizing viewpoint that we
term feature engineering. Feature engineering promotes features
as first-class objects throughout the software life cycle and across
the problem and solution domains. The goal of the paper is not to
propose a specific new technique or technology. Rather, it aims at
laying out some basic concepts and terminology that can be used as a
foundation for developing a sound and complete framework for feature
engineering. The paper discusses the impact that features have on
different phases of the life cycle, provides some ideas on how these
phases can be improved by fully exploiting the concept of feature, and
suggests topics for a research agenda in feature engineering.
Journal of
Systems and Software, Vol. 49, No. 1,
December 1999, pp. 3-15.
Judith A. Stafford and Alexander L. Wolf
This paper provides
an overview of the major issues and trends in
architecture-based software engineering. While all software systems
can be described in terms of components and interconnections, such
descriptions are not always documented. Explicit description of
software architecture provides a foundation for understanding and
reasoning about both the functionality and quality of software systems
very early in the development process as well as at a high level of
abstraction. In this paper, we discuss the formalization of
architectural specification, including a review of several languages
developed especially for architectural description, and follow this
with a discussion of architectural analysis techniques that can be
applied to architectures described in these languages. Additionally,
we discuss several other emerging concepts in software architecture
that are having an influence on the general utility of the field.
Technical Report
CU-CS-891-99, Department of Computer Science,
University of Colorado, Boulder, Colorado, November 1999.
Portions of this
report appear as Chapter 20 in the book Component-Based Software
Engineering, edited by G.T. Heineman and W.T. Councill,
Addison Wesley, 2001.
Dennis M. Heimbigner, Richard S. Hall, and Alexander L. Wolf
Configuring and
deploying a large software system is complicated when
the system is composed of components and when there are numerous
possible configurations for the system. In such a scenario, it is
difficult for end-users to specify and install an appropriate
configuration for their specific environment. Defining all valid
configurations of a software system is challenging, and can be
addressed through a concise specification that can generate all of the
possible configurations. The Deployable Software Description (DSD),
part of the University of Colorado Software Dock project, is one such
specification format. But using the DSD runs the risk that the set of
generated configurations includes some that are invalid with respect
to constraints defined independently of the DSD. This paper describes
a framework to support the analysis of DSD specifications to help
developers detect potentially invalid configurations. This analysis
assumes that the system components are annotated with properties, and
an analysis tool is provided that takes a specific configuration and
analyzes it for conflicts with respect to some set of constraints.
Using the DSD, we can enumerate and analyze configurations to verify
their validity. The results can be used to modify the DSD to avoid
future generation of invalid configurations.
Fifth IEEE
International Conference on Engineering of Complex Computer
Systems, Las Vegas, Nevada, October 1999, pp. 32-42.
Peyman Oreizy, Michael M. Gorlick, Richard N. Taylor, Dennis
Heimbigner,
Gregory Johnson, Nenad Medvidovic, Alex Quilici, David S. Rosenblum,
and
Alexander L. Wolf
An increasing
number of mission-critical software systems require
dependability, robustness, adaptability, and continuous
availability. Self-adaptive software strives to fulfill these
requirements. Self-adaptive software requires the simultaneous
management of two related processes---system evolution, the consistent
and reasoned application of change over time, and system adaptation,
the cycle of detecting changing circumstances, planning responsive
modifications, and deploying those modifications to field sites. We
indicate how these two processes can be combined and coordinated in an
infrastructure that supports ongoing continuous system change without
requiring any downtime, rebuilds, or system restarts---all the while
guaranteeing system integrity. Central to our methodology is the
dominant role of software architectures in planning, coordinating,
monitoring, evaluating, and implementing software adaptation. We argue
that explicit system structure and representation, the separation of
architecture from implementation, and the separation of communication
from computation are scalable abstractions suitable for domains and
adaptations of all sizes.
IEEE Intelligent
Systems, vol. 14, no. 3, May/June 1999,
pp. 54-62.
Richard S. Hall, Dennis M. Heimbigner, and Alexander L. Wolf
Software deployment
is an evolving collection of interrelated
processes such as release, install, adapt, reconfigure, update,
activate, deactivate, remove, and retire. The connectivity of large
networks, such as the Internet, is affecting how software deployment
is being performed. To take full advantage of this connectivity, new
software deployment technologies must be introduced in order to
support these processes. The Software Dock research project is
creating a distributed, agent-based deployment framework to support
the ongoing cooperation and negotiation among software producers
themselves and among software producers and software consumers. This
deployment framework is enabled by the use of a standardized semantic
schema for describing software systems, called the Deployable Software
Description (DSD) format. The Software Dock employs agents to
traverse between software producers and consumers and to perform
software deployment activities by interpreting the semantic
descriptions of the software systems. The Software Dock
infrastructure enables software producers to offer their customers
high-level deployment services that were previously not possible.
21st
International Conference on Software Engineering, Los Angeles,
California, May 1999, pp. 174-183.
Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf
The event-based
style is a very promising approach for the development
and integration of distributed objects. An event notification
service is the glue that ties together distributed components in
an event-based architecture. An event notification service implements
what is commonly known as the publish/subscribe protocol: components
publish events to inform other components of a change in their
internal state or to request services from other components; the event
service registers the interest of components expressed by means of
subscriptions and consequently dispatches event notifications. In
practice, the event notification service mediates and facilitates the
interaction among applications by filtering, aggregating, and
delivering events on their behalf.
The functionality
of an event notification service is characterized by
two conflicting requirements: scalability and
expressiveness. The tension between scalability and
expressiveness is evident in all recently proposed event notification
technologies. We believe that the successful integration of
distributed objects by means of events depends on both the scalability
and the expressiveness of the event notification service. Here we
propose a research approach to this problem that we pursued with our
Siena project. In particular, we focus on how to realize scalable true
content-based routing of events over a distributed event service with
a generic topology.
ICSE '99
Workshop on Engineering Distributed Objects (EDO '99),
Los Angeles, California, May 1999.
Jonathan E. Cook and Alexander L. Wolf
To a great extent,
the usefulness of a formal model of a software
process lies in its ability to accurately predict the behavior of the
executing process. Similarly, the usefulness of an executing process
lies largely in its ability to fulfill the requirements embodied in a
formal model of the process. When process models and process
executions diverge, something significant is happening. We have
developed techniques for uncovering and measuring the discrepancies
between models and executions, which we call process
validation. Process validation takes a process execution and a
process model, and measures the level of correspondence between the
two. Our metrics are tailorable and give process engineers control
over determining the severity of different types of discrepancies.
The techniques provide detailed information once a high-level
measurement indicates the presence of a problem. We have applied our
process validation methods in an industrial case study, of which a
portion is described in this article.
ACM Transactions
on Software Engineering and Methodology, vol. 8,
no. 2, April 1999, pp. 147-176.
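A minimal instance of process validation, assuming a hypothetical finite-state process model, is to replay an event trace against the model and count the events the model cannot explain; the paper's metrics are richer and tailorable, but the sketch below conveys the basic measurement.
```python
# Minimal illustration of process validation: replay an event trace against
# a finite-state process model and count events the model cannot explain.
# The example model and the single "unexplained event" metric are only
# illustrative; the paper's metrics are tailorable and more sophisticated.

model = {                     # state -> {event: next_state}
    "idle":    {"checkout": "editing"},
    "editing": {"edit": "editing", "checkin": "review"},
    "review":  {"approve": "idle", "reject": "editing"},
}

def validate(trace, model, start="idle"):
    state, unexplained = start, 0
    for event in trace:
        if event in model.get(state, {}):
            state = model[state][event]
        else:
            unexplained += 1  # discrepancy: execution diverges from model
    return unexplained, len(trace)

trace = ["checkout", "edit", "edit", "approve", "checkin", "approve"]
bad, total = validate(trace, model)
print(f"{bad} of {total} events unexplained by the model")   # 1 of 6
```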
Daniele Compare, Paola Inverardi, and Alexander L. Wolf
When constructing
software systems from existing components, the
engineer is faced with the problem of potential conflicts in the
interactions among the components. Of particular difficulty is
guaranteeing compatibility in the dynamic interaction behavior. Using
an architectural description of the system and its intended
components, the engineer can reason about the interactions early and
at a high level of abstraction. In this paper we give a case study of
the Compressing Proxy system, which was first investigated by Garlan,
Kindred, and Wing. We present architectural specifications and
analyses of two versions of the system. One version is a seemingly
obvious melding of the components. The other is a solution to
deadlock problems uncovered by formal analyses of the first version.
We use the Chemical Abstract Machine as an example of an architectural
description formalism that can help uncover architectural mismatches
in the behavior of components.
Science of
Computer Programming, vol. 33, no. 2, February 1999,
pp. 101-131.
Jonathan E. Cook and Alexander L. Wolf
Understanding the
behavior of a system is crucial in being able to
modify, maintain, and improve the system. A particularly difficult
aspect of some system behaviors is concurrency. While there are many
techniques to specify intended concurrent behavior, there are few, if
any, techniques to capture and model actual concurrent behavior. This
paper presents a technique to discover patterns of concurrent behavior
from traces of system events. The technique is based on a
probabilistic analysis of the event traces. Using metrics for the
number, frequency, and regularity of event occurrences, a
determination is made of the likely concurrent behavior being
manifested by the system. The technique is useful in a wide variety
of software engineering tasks, including architecture discovery,
reengineering, user interaction modeling, and software process
improvement.
SIGSOFT '98:
Sixth International Symposium on the Foundations of
Software Engineering, Orlando, Florida, November 1998, pp. 35-45.
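One ingredient of such an analysis is how often one event type directly follows another, since events from genuinely concurrent activities tend to appear in both orders across traces. The sketch below computes direct-follows counts on hypothetical traces; it is an illustration, not the paper's full probabilistic analysis.
```python
# One ingredient of discovering concurrent behavior from event traces:
# direct-follows counts between event types. Events of genuinely concurrent
# activities tend to appear in both orders across traces, whereas strictly
# sequential events appear in only one.

from collections import Counter

def direct_follows(traces):
    counts = Counter()
    for trace in traces:
        counts.update(zip(trace, trace[1:]))   # adjacent event pairs
    return counts

traces = [
    ["compile", "test", "package", "deploy"],
    ["compile", "package", "test", "deploy"],   # test/package interleave
    ["compile", "test", "package", "deploy"],
]
counts = direct_follows(traces)
both_orders = (counts[("test", "package")] > 0
               and counts[("package", "test")] > 0)
print(counts)
print("test/package likely concurrent:", both_orders)   # True
```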
Judith A. Stafford and Alexander L. Wolf
Software
maintenance is the most costly phase of software
development. Two factors contributing to the high cost are the late
detection of system failures and the increasing difficulty of
understanding a system as it ages. The advent of formal architecture
description languages (ADLs) provides an opportunity to reason about
the correctness of a system at the earliest stages of development as
well as at a high level of abstraction throughout its life.
In general, there
are many kinds of questions one might want to ask at
an architectural level for maintenance purposes as varied as reuse,
reverse engineering, fault localization, impact analysis, regression
testing, and workspace management. These kinds of questions are
similar to those currently asked at the implementation level and
answered through static dependence analysis techniques applied to
program code. It seems reasonable, therefore, to apply similar
techniques at the architectural level, either because the program code
may not exist at the time the question is being asked or because
answering the question at the architectural level is more tractable
than at the implementation level. We are developing an
architecture-level dependence analysis technique, called port-to-port
chaining, and implementing the technique in a tool called Aladdin.
Third
International Software Architecture Workshop, Orlando,
Florida, November 1998, pp. 129-132.
A later version
appears here.
André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf
In this position
paper we introduce a novel use of software
architecture. Rather than following the traditional focus on design,
we propose to use the notion of versioned software architecture
to support other activities in the software life cycle. In particular,
we are investigating how the activities of configuration management
and software deployment can benefit from the availability of an
explicit architectural representation that is enhanced with versioning
capabilities. In this paper we present some of the initial results of
this investigation. We motivate our research into versioned software
architecture, present some usage scenarios in the context of
configuration management and software deployment, and conclude with an
outlook at the future work that remains to be done.
Third
International Software Architecture Workshop, Orlando,
Florida, November 1998, pp. 73-76.
Antonio Carzaniga, Elisabetta Di Nitto, David S. Rosenblum and
Alexander L. Wolf
The development of
complex software systems demands well-established
approaches that guarantee robustness of products, economy
of the development process, and rapid time to market. This need is
becoming more and more relevant as the requirements of customers and
the potential of computer telecommunication networks grow. To address
this issue, researchers in the field of software architecture are
defining a number of languages and tools that support the definition
and validation of the architecture of systems. Also, a number of
architectural styles are being formalized. A style that is very
prevalent for large-scale distributed applications is the event-based
style. In an event-based style, components communicate by generating
and receiving event notifications. In this paper we identify the
event-based style variations introduced by a number of event-based
middleware infrastructures and point out the advantages and drawbacks
of the different approaches as well as the open issues.
Third
International Software Architecture Workshop, Orlando,
Florida, November 1998, pp. 17-20.
Richard S. Hall, Dennis M. Heimbigner, and Alexander L. Wolf
Software
distribution is evolving from a physical media approach to
one where it is practical and advantageous to leverage the
connectivity of networks. Network distribution of software systems
provides timeliness and continuity of evolution not possible with
physical media distribution methods. To support network-based
software distribution, companies and organizations such as Microsoft,
Marimba, and the Desktop Management Task Force (DMTF) are
strengthening their efforts to package software systems in a way that
is conducive to network distribution and management. The result of
these efforts has led to the creation of software description
languages and schema such as the Open Software Description format
created by Microsoft and Marimba and the Management Information Format
created by DMTF. While these efforts are steps in the right
direction, they do not address deployment issues in a complete and
systematic fashion. The contribution of this paper is to evaluate
these leading software description technologies.
1998
International Conference on Software Maintenance, Bethesda,
Maryland, November 1998, pp. 177-185.
André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf
The discipline of
software architecture has traditionally been
concerned with high-level design. In particular, a variety of
architecture description languages have been developed that are used
to precisely capture a design. Additionally, analysis tools have been
constructed that are used to verify particular properties of a
design. However, today's trend towards the development of
component-based software seems to suggest a new use of software
architecture. Because an architecture captures components and the
connections among them, it could potentially be used as an organizing
abstraction for many of the activities in the software life cycle. In
this paper we present an initial investigation into the feasibility of
such use. In particular, we closely examine the role system modeling
plays in the fields of configuration management and software
deployment, and relate this role to the system modeling capabilities
of architecture description languages. The outcome of this
investigation is twofold. First, we conclude that, for the specific
cases of configuration management and software deployment, the use of
software architecture brings opportunities to significantly extend the
provided functionality. Second, we present requirements for a number
of extensions to typical architecture description languages that are
needed to make our approach viable.
Technical Report
CU-CS-862-98, Department of Computer Science,
University of Colorado, Boulder, Colorado, September 1998.
Jonathan E. Cook, Lawrence G. Votta, and Alexander L. Wolf
Process studies and
improvement efforts typically call for new
instrumentation on the process in order to collect the data they have
deemed necessary. This can be intrusive and expensive, and resistance
to the extra workload often foils the study before it begins. The
result is neither interesting new knowledge nor an improved
process. In many organizations, however, extensive historical process
and product data already exist. Can these existing data be used to
empirically explore what process factors might be affecting the
outcome of the process? If they can, organizations would have a
cost-effective method for quantitatively, if not causally,
understanding their process and its relationship to the product. We
present a case study that analyzes an in-place industrial process and
takes advantage of existing data sources. In doing this, we also
illustrate and propose a methodology for such exploratory empirical
studies. The case study makes use of several readily available
repositories of process data in the industrial organization. Our
results show that readily available data can be used to correlate both
simple aggregate metrics and complex process metrics with defects in
the product. Through the case study, we give evidence supporting the
claim that exploratory empirical studies can provide significant
results and benefits while being cost effective in their demands on
the organization.
IEEE
Transactions on Software Engineering, vol. 24, no. 8,
August 1998, pp. 650-663.
Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf
Event-based
distributed systems are programmed to operate in response
to events. An event notification service is an
application-independent infrastructure that supports the construction
of event-based systems. While numerous technologies have been
developed for supporting event-based interactions over local-area
networks, these technologies do not scale well to wide-area networks
such as the Internet. Wide-area networks pose new challenges that
have to be attacked with solutions that specifically address issues of
scalability. This paper presents Siena, a scalable event notification
service that is based on a distributed architecture of event servers.
We first present a formally defined interface that is based on an
extension to the publish/subscribe protocol. We then describe and
compare several different server topologies and routing algorithms.
We conclude by briefly discussing related work, our experience with an
initial implementation of Siena, and a framework for evaluating the
scalability of event notification services such as Siena.
Technical Report
CU-CS-863-98, Department of Computer Science,
University of Colorado, Boulder, Colorado, August 1998.
Jonathan E. Cook and Alexander L. Wolf
Many software
process methods and tools presuppose the existence of a
formal model of a process. Unfortunately, developing a formal model
for an on-going, complex process can be difficult, costly, and error
prone. This presents a practical barrier to the adoption of process
technologies, which would be lowered by automated assistance in
creating formal models. To this end, we have developed a data analysis
technique that we term process discovery. Under this technique,
data describing process events are first captured from an on-going
process and then used to generate a formal model of the behavior of
that process. In this article we describe a Markov method that we
developed specifically for process discovery, as well as describe two
additional methods that we adopted from other domains and augmented
for our purposes. The three methods range from the purely algorithmic
to the purely statistical. We compare the methods and discuss their
application in an industrial case study.
ACM Transactions
on Software Engineering and Methodology, vol. 7,
no. 3, July 1998, pp. 215-249.
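As a simplified sketch of one step of a Markov-style discovery method: estimate first-order transition frequencies from the captured event data and keep only transitions above a noise threshold as edges of a candidate model. The traces and threshold are hypothetical, and the paper's methods involve considerably more than this single step.
```python
# Simplified sketch of a Markov-style process-discovery step: estimate
# first-order transition probabilities from captured event data, then keep
# only transitions above a noise threshold as edges of a candidate process
# model. The threshold and event data are hypothetical.

from collections import Counter, defaultdict

def discover(traces, threshold=0.2):
    counts = defaultdict(Counter)
    for trace in traces:
        for a, b in zip(trace, trace[1:]):
            counts[a][b] += 1
    model = {}
    for a, followers in counts.items():
        total = sum(followers.values())
        model[a] = {b: n / total for b, n in followers.items()
                    if n / total >= threshold}
    return model

traces = [
    ["design", "code", "test", "release"],
    ["design", "code", "test", "code", "test", "release"],
    ["design", "code", "release"],            # occasional skipped test
]
for event, nxt in discover(traces).items():
    print(event, "->", nxt)
```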
Richard S. Hall, Dennis M. Heimbigner, and Alexander L. Wolf
Software
distribution via networks provides timeliness and continual
evolution that is not possible with physical media distribution
methods. Organizations such as Microsoft, Marimba, and the Desktop
Management Task Force are strengthening their efforts to package
software systems in ways that are conducive to network distribution.
The result of these efforts has led to the creation of software
description languages and schema, but they do not address deployment
issues in a complete, systematic fashion. The contribution of this
paper is to define and explore the requirements for software
deployment languages and schema.
8th
International Symposium on System Configuration Management,
Lecture Notes in Computer Science 1439, Springer-Verlag, Berlin,
1998, pp. 198-203.
André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf
Over the past few
years, research into system modeling has dwindled in
favor of other interests in the field of configuration
management. Outside influence, in the form of the emergence of the
discipline of software architecture, demands that renewed attention be
paid to system modeling because it places new requirements on, and
offers new opportunities to, system modeling. In this paper we
investigate these requirements and opportunities in more detail.
8th
International Symposium on System Configuration Management,
Lecture Notes in Computer Science 1439, Springer-Verlag, Berlin,
1998, pp. 140-145.
Jonathan E. Cook and Alexander L. Wolf
Software process
research has suffered from a lack of focused data
analysis techniques and tools. Part of the problem is the ad hoc and
heterogeneous nature of the data, as well as the methods of collecting
those data. While collection methods must be specific to their data
source, analysis tools should be shielded from specific data formats
and idiosyncrasies.
We have built
Balboa as a bridge between the data collection and the
analysis tools, facilitating the gathering and management of event
data, and simplifying the construction of tools to analyze the data.
Balboa is a framework that provides to collection methods a flexible
data registration mechanism, and provides to tools a consistent set of
data manipulation, management, and access services. It unites the
variety of collection mechanisms with the variety of tools, thus
paving the way for more extensive application of process improvement
techniques based on data analysis.
Fifth
International Conference on the Software Process, Lisle,
Illinois, June 1998, pp. 99-110.
C. Reid Turner, Alfonso Fuggetta, Luigi Lavazza, and Alexander L. Wolf
The notion of
feature is widely used to denote the functional
structure and visible properties of a software system. More
specifically, features are meant to represent a user-centric
organization of a software system's functionality. Yet, other than
during requirements analysis, features are seldom treated explicitly
by most existing tools and methods.
This paper argues
that a feature-orientation can provide benefits to
software developers throughout the software life cycle. We envisage
specific applications of the notion of feature that provide a powerful
and unifying structure for software life cycle artifacts and
activities. We discuss the problems and issues to be addressed, briefly
summarize our current research work, and suggest directions for future
research in a new area we call "feature engineering".
Ninth
International Workshop on Software Specification and Design,
Ise-shima, Japan, April 1998, pp. 162-164.
A later version
appears here.
Judith A. Stafford, Debra J. Richardson, and Alexander L. Wolf
The emergence of
formal architecture description languages provides an
opportunity to perform analyses at high levels of abstraction, as well
as early in the development process. Previous research has primarily
focused on developing techniques such as algebraic and
transition-system analysis to detect component mismatches or global
behavioral incorrectness. In this paper, we present Aladdin, a tool
that implements chaining, a static dependence analysis technique for use
with architectural descriptions. Dependence analysis has been
used widely at the implementation level to aid program optimization,
anomaly checking, program understanding, testing, and debugging. We
investigate the definition and application of dependence analysis at
the architectural level. We illustrate the utility of chaining,
through the use of Aladdin, by showing how the technique can be used
to answer various questions one might pose of a Rapide architecture
specification.
Technical Report
CU-CS-858-98, Department of Computer Science,
University of Colorado, Boulder, Colorado, April 1998.
A later version
appears here.
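A rough sketch of the chaining idea, using an invented graph encoding rather
than Aladdin's actual data structures: dependence links connect elements of an
architectural description, and the chain for an element is the set of elements
reachable backward over those links:

    # Backward reachability over dependence links between elements of an
    # architectural description; the graph encoding is illustrative.
    def backward_chain(depends_on, target):
        """depends_on maps an element to the elements it directly depends on.
        Returns every element the target transitively depends on."""
        chain, stack = set(), [target]
        while stack:
            element = stack.pop()
            for dep in depends_on.get(element, ()):
                if dep not in chain:
                    chain.add(dep)
                    stack.append(dep)
        return chain

    links = {
        "client.reply": ["server.request"],
        "server.request": ["client.send"],
        "client.send": [],
    }
    # The chain contains 'server.request' and 'client.send'.
    print(backward_chain(links, "client.reply"))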
Antonio Carzaniga, Alfonso Fuggetta, Richard S. Hall, Dennis
Heimbigner,
André van der Hoek, and Alexander L. Wolf
Software
applications are no longer stand-alone systems. They are
increasingly the result of integrating heterogeneous collections of
components, both executable and data, possibly dispersed over a
computer network. Different components can be provided by different
producers and they can be part of different systems at the same time.
Moreover, components can change rapidly and independently, making it
difficult to manage the whole system in a consistent way. Under these
circumstances, a crucial step of the software life cycle is
deployment---that is, the activities related to the release,
installation, activation, deactivation, update, and removal of
components, as well as whole systems.
This paper presents
a framework for characterizing technologies that
are intended to support software deployment. The framework highlights
four primary factors concerning the technologies: process coverage;
process changeability; interprocess coordination; and site, product,
and deployment policy abstraction. A variety of existing technologies
are surveyed and assessed against the framework. Finally, we discuss
promising research directions in software deployment.
Technical Report
CU-CS-857-98, Department of Computer Science,
University of Colorado, Boulder, Colorado, April 1998.
John C. Doppke, Dennis Heimbigner, and Alexander L. Wolf
In the past,
multiuser virtual environments have been developed as
venues for entertainment and social interaction. Recent research
focuses instead on their utility in carrying out work in the real
world. This research has identified the importance of a mapping
between the real and the virtual that permits the representation of
real tasks in the virtual environment. In this paper we investigate
the use of virtual environments---in particular, MUDs (Multi-User
Dimensions)---in the domain of software process. In so doing, we
define a mapping, or metaphor, that permits the representation
of software processes within a MUD. The system resulting from this
mapping, called Promo, permits the modeling and execution of software
processes by geographically dispersed agents.
ACM Transactions
on Software Engineering and Methodology, vol. 7,
no. 1, January 1998, pp. 1-40.
Jonathan E. Cook, Alexander L. Wolf, and Benjamin G. Zorn
We investigate
methods to improve the performance of algorithms for
automatic storage reclamation of object databases. These algorithms
are based on a technique called partitioned garbage collection,
in which a subset of the entire database is collected independently of
the rest. We evaluate how different application, database system, and
garbage collection implementation parameters affect the performance of
garbage collection in object database systems. We focus specifically
on investigating the policy that is used to select which partition in
the database should be collected. Three of the policies that we
investigate are based on the intuition that the values of overwritten
pointers provide good hints about where to find garbage. A fourth
policy that we investigate chooses the partition with the greatest presence
in the I/O buffer. Using simulations based on a synthetic database, we
show that one of our policies requires less I/O to collect more
garbage than any existing implementable policy. Furthermore, that
policy performs close to a locally optimal policy over a wide range of
simulation parameters, including database size, collection rate, and
database connectivity. We also show what impact these simulation
parameters have on application performance and investigate the
expected costs and benefits of garbage collection in such systems.
IEEE
Transactions on Knowledge and Data Engineering,
vol. 10, no. 1, January/February 1998, pp. 153-172.
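The following toy policy, with bookkeeping invented for illustration, conveys
the spirit of selecting a partition using overwritten-pointer hints, with
I/O-buffer presence as a tie-breaker:

    # Pick the partition with the most overwritten pointers into it, breaking
    # ties by the number of its pages resident in the I/O buffer.
    def select_partition(overwrite_counts, buffer_pages):
        """overwrite_counts: partition -> overwritten pointers into it.
        buffer_pages: partition -> pages resident in the I/O buffer."""
        return max(overwrite_counts,
                   key=lambda p: (overwrite_counts[p], buffer_pages.get(p, 0)))

    hints = {"p0": 4, "p1": 11, "p2": 11}
    resident = {"p1": 2, "p2": 7}
    print(select_partition(hints, resident))  # 'p2': tied hints, more buffered pages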
André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf
Software
architecture, configuration management, and configurable
distributed systems are three areas of research that until now have
evolved separately. Contributions in each field have focused on their
respective area of concern. However, as solutions in the three fields
tend to center around some notion of a system model, it is
worthwhile to investigate their relationship in detail. In
particular, the large amount of overlap among the system models
developed in each area, combined with the complementary nature of the
differences among them, suggests that an approach based on a common
system model is viable. In this paper, we illustrate the benefits of
using such a unified system model, identify the commonalities and
differences among the existing system models, and present some of our
initial experiments that we believe will lead to the development of a
single system model that is usable in all three fields.
Technical Report
CU-CS-849-98, Department of Computer Science,
University of Colorado, Boulder, Colorado, January 1998.
Judith A. Stafford, Debra J. Richardson, and Alexander L. Wolf
The emergence of
formal architecture description languages provides an
opportunity to perform analyses at high levels of abstraction.
Research has primarily focused on developing techniques such as
algebraic and transition-system analysis to detect component
mismatches or global behavioral incorrectness. In this paper, we
describe chaining, a technique similar in concept and
application to program slicing, in which the goal is to reduce the
portions of an architecture that must be examined by an architect for
some purpose, such as testing or debugging. In chaining, links
represent the dependence relationships that exist in an architectural
specification. Links connect elements of the specification that are
directly related, producing a chain of dependencies that can be
followed during analysis. We illustrate the utility of chaining by
showing how the technique can be used to answer various questions one
might pose of a Rapide architecture specification.
Technical Report
CU-CS-845-97, Department of Computer Science,
University of Colorado, Boulder, Colorado, September 1997.
A later version
appears here.
David S. Rosenblum and Alexander L. Wolf
There is increasing
interest in having software systems execute and
interoperate over the Internet. Execution and interoperation at this
scale imply a degree of loose coupling and heterogeneity among the
components from which such systems will be built. One common
architectural style for distributed, loosely-coupled, heterogeneous
software systems is a structure based on event generation, observation
and notification. The technology to support this approach is
well-developed for local area networks, but it is ill-suited to
networks on the scale of the Internet. Hence, new technologies are
needed to support the construction of large-scale, event-based
software systems for the Internet. We have begun to design a new
facility for event observation and notification that better serves the
needs of Internet-scale applications. In this paper we present
results from our first step in this design process, in which we
defined a framework that captures many of the relevant design
dimensions. Our framework comprises seven models: an object model, an
event model, a naming model, an observation model, a time model, a
notification model, and a resource model. The paper discusses each of
these models in detail and illustrates them using an example involving
an update to a Web page. The paper also evaluates three existing
technologies with respect to the seven models.
6th European
Software Engineering Conference
(held jointly with SIGSOFT '97: Fifth International Symposium on the
Foundations of Software Engineering),
Lecture Notes in Computer Science 1301, Springer, Berlin, 1997,
pp. 344-360.
André van der Hoek, Richard S. Hall, Dennis Heimbigner, and
Alexander L. Wolf
A poorly understood
and underdeveloped part of the software process is
software release management, which is the process through which
software is made available to and obtained by its users. Complicating
software release management is the increasing tendency for software to
be constructed as a ``system of systems'', assembled from pre-existing,
independently produced, and independently released systems. Both
developers and users of such software are affected by these
complications.
Developers need to accurately document complex and changing
dependencies among the systems constituting the software. Users will be
heavily involved in the location, retrieval, and assembly process of
the systems in order to appropriately configure the software to their
particular environment. In this paper we identify the issues
encountered in software release management, and present an initial set
of requirements for a software release management tool. We then
describe a prototype of such a tool that supports both developers and
users in the software release management process.
6th European
Software Engineering Conference
(held jointly with SIGSOFT '97: Fifth International Symposium on the
Foundations of Software Engineering),
Lecture Notes in Computer Science 1301, Springer, Berlin, 1997,
pp. 159-175.
A later version
appears here.
Paola Inverardi, Alexander L. Wolf, and Daniel Yankelevich
A critical
challenge faced by the developer of a software system is to
understand whether the system's components correctly integrate. While
type theory has provided substantial help in detecting and preventing
errors in mismatched static properties, much work remains in the area
of dynamics. In particular, components make assumptions about their
behavioral interaction with other components, but currently we have
only limited ways in which to state those assumptions and to analyze
them for correctness.
We have begun to
formulate a method that addresses this problem. The
method operates at the architectural level so that behavioral
integration errors, such as deadlock, can be revealed early in
development. For each component, a specification is given both of its
own interaction behavior and of the assumptions that it makes about
the interaction behavior of the external context in which it expects
to operate. We have defined an algorithm that, given such
specifications for a set of components, performs ``adequacy'' checks
between the component context assumptions and the component
interaction behaviors. A configuration of a system is possible if and
only if a successful way of ``matching'' actual behaviors with
assumptions can be found. In effect, we are extending the usual
notion of type checking to include the checking of behavioral
compatibility.
Second
International Conference on Coordination Models and
Languages (COORD '97), Lecture Notes in Computer Science 1282,
Springer, Berlin, 1997, pp. 46-63.
A later version
appears here.
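A deliberately oversimplified sketch of the adequacy-checking idea (flat sets
of interaction labels stand in for the behavioral specifications actually
used, and the component names are invented): a configuration is flagged when
some component assumes an interaction that no other component offers:

    # Each component declares the interactions it offers and those it assumes
    # of its context; report assumptions no other component can satisfy.
    # Real behavioral matching compares interaction protocols, not flat sets.
    def adequacy_problems(components):
        problems = []
        for name, spec in components.items():
            offered_elsewhere = set().union(
                *(c["offers"] for other, c in components.items() if other != name))
            missing = spec["assumes"] - offered_elsewhere
            if missing:
                problems.append((name, missing))
        return problems

    system = {
        "client": {"offers": {"send"}, "assumes": {"reply"}},
        "server": {"offers": {"reply"}, "assumes": {"send", "log"}},
    }
    print(adequacy_problems(system))  # [('server', {'log'})]: nothing provides 'log'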
Richard S. Hall, Dennis Heimbigner, André van der Hoek,
and Alexander L. Wolf
Few tools exist to
address the post-development activities of
configuring, releasing, installing, updating, reconfiguring, and even
de-installing a software system. Certainly there is no unified
approach for all of these activities, and none that can take full
advantage of a wide-area network. The Software Dock represents an
architecture for supporting post-development activities in such a
setting. It is designed as a system of loosely-coupled, cooperating,
distributed components that are bound together by a wide-area
messaging and event system. In this paper we describe the Software
Dock architecture and discuss the use of a prototype in deploying a
complex system.
17th
International Conference on Distributed
Computing Systems, Baltimore, Maryland, May 1997, pp. 269-278.
Alexander L. Wolf
Interest in
software architecture as an area of research, education,
and practice within software engineering has been growing steadily
over the past decade. Software architecture is concerned with the
principled study of large-grained software components, including their
properties, relationships, and patterns of combination. It is
becoming clear that one key to the effective development, operation,
and evolution of software systems is the design and evaluation of
appropriate architectures. As a complement to the Fourth Symposium on
the Foundations of Software Engineering (FSE-4), whose theme was
software architecture, the Second International Software Architecture
Workshop (ISAW-2) brought together practitioners and researchers for
two intense days of discussion and work. This paper summarizes the
results of the workshop.
ACM SIGSOFT
Software Engineering Notes, vol. 22, no. 1,
January 1997, pp. 42-56.
Amit Sheth, Dimitrios Georgakopoulos, Stef M.M. Joosten,
Marek Rusinkiewicz, Walt Scacchi, Jack Wileden, and Alexander L. Wolf
An
interdisciplinary research community needs to address challenging
issues raised by applying workflow management technology in
information systems. This conclusion results from the NSF workshop on
Workflow and Process Automation in Information Systems which was held
at the State Botanical Garden of Georgia during May 8-10, 1996. The
workshop brought together active researchers and practitioners from
several communities, with significant representation from database and
distributed systems, software process and software engineering, and
computer supported cooperative work. This report is the joint work of
selected representatives from the workshop and it documents the
results of significant group discussions and exchange of ideas.
ACM SIGSOFT
Software Engineering Notes, vol. 22, no. 1,
January 1997, pp. 28-38.
Debra J. Richardson and Alexander L. Wolf
This paper argues
that with the advent of explicitly specified
software architectures, testing can be done effectively at the
architectural level. A software architecture specification provides a
solid foundation for developing a plan for testing at this level. We
propose several architecture-based test criteria based on the Chemical
Abstract Machine model of software architecture. An architectural
(integration) test plan, developed by applying a selection of these
criteria, can be used to assess the architecture itself or to test the
implementation's conformance with the architecture. This facilitates
detecting defects earlier in the software lifecycle, enables
leveraging software testing costs across multiple systems developed
from the same architecture, and also leverages the effort put into
developing a software architecture.
Second
International Software Architecture Workshop (ISAW-2),
San Francisco, California, October 1996, pp. 68-71.
Jeff Kramer and Alexander L. Wolf
The 8th
International Workshop on Software Specification and Design
(IWSSD-8) was held at Schloss Velen, Germany, in March 1996. Like its
predecessors, IWSSD-8 maintained the principle that the accepted
papers should serve as background material for the workshop.
Therefore, the workshop did not include formal paper presentations,
but rather provided an opportunity to engage in real work, with
intensive discussions focused around major themes. Each theme was
discussed in a separate working group directed by a Working Group
Chair, who organized the group's members to discuss the research
issues of that particular theme. This year the themes selected were
Requirements Engineering, Design Engineering, Software Architecture,
and Concurrency/Distribution. This paper summarizes the results of
the workshop in general and the working group discussions in
particular.
ACM SIGSOFT
Software Engineering Notes, vol. 21, no. 5,
September 1996, pp. 21-35.
Dennis Heimbigner and Alexander L. Wolf
This paper presents
a method that can be used for the elicitation and
specification of requirements and high-level design. It supports
stakeholder-based modeling, rapid feasibility feedback to marketing,
and the interpersonal dynamics that are necessary to develop a
product. The method centers on the role of the "facilitator", an
independent agent whose purpose is to build the Integrated System
Model (ISM). The ISM is the product of merging the independent system
views from all stakeholders at any given abstraction level.
Formulation of this method was based on the real-world experience of
developing a complex, high-technology medical product with critical
time-to-market pressures. It has proven to be a practical approach to
the evolution of requirements definition and provides a necessary link
to the marketing aspect of a product.
10th
International Software Process Workshop, Dijon, France,
June 1996, pp. 71-73.
Jonathan E. Cook, Artur W. Klauser, Alexander L. Wolf, and Benjamin G.
Zorn
A fundamental
problem in automating object database storage
reclamation is determining how often to perform garbage
collection. We show that the choice of collection rate can have a
significant impact on application performance and that the ``best''
rate depends on the dynamic behavior of the application, tempered by
the particular performance goals of the user. We describe two
semi-automatic, self-adaptive policies for controlling collection rate
that we have developed to address the problem. Using trace-driven
simulations, we evaluate the performance of the policies on a test
database application that demonstrates two distinct reclustering
behaviors. Our results show that the policies are effective at
achieving user-specified levels of I/O operations and database garbage
percentage. We also investigate the sensitivity of the policies over
a range of object connectivities. The evaluation demonstrates that
semi-automatic, self-adaptive policies are a practical means for
flexibly controlling garbage collection rate.
ACM SIGMOD
International Conference on Management of Data,
Montreal, Canada, June 1996, pp. 377-388.
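As a hint of what a self-adaptive rate policy can look like (the gain, bounds,
and sampling scheme below are assumptions for illustration, not the policies
defined in the paper), a simple proportional adjustment nudges the collection
rate toward a user-specified garbage percentage:

    # Nudge the garbage collection rate toward a target garbage percentage.
    def adjust_rate(current_rate, measured_garbage_pct, target_garbage_pct,
                    gain=0.1, min_rate=0.01, max_rate=10.0):
        """Raise the rate when measured garbage exceeds the target; lower it
        when the database is cleaner than required."""
        error = measured_garbage_pct - target_garbage_pct
        new_rate = current_rate * (1.0 + gain * error)
        return max(min_rate, min(max_rate, new_rate))

    rate = 1.0
    for observed in [12.0, 9.0, 7.5, 6.0]:   # garbage % sampled each period
        rate = adjust_rate(rate, observed, target_garbage_pct=5.0)
        print(round(rate, 3))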
Jonathan E. Cook and Alexander L. Wolf
We are developing
automated data analysis methods to help
organizations understand, improve, and control their processes. The
methods use process event data to reveal significant behavioral
characteristics of processes. The two main areas we are addressing
are process discovery and process validation. Process discovery uses
event data to create formal models of processes that can be used to
understand an organization's processes. Process validation uncovers
discrepancies between an organization's intended processes and the
processes actually followed. We have implemented prototype discovery
and validation tools within a common event-data analysis framework
called Balboa.
NSF Workshop on
Workflow and Process Automation
in Information Systems, Athens, Georgia, May 1996.
John Doppke, Dennis Heimbigner, and Alexander L. Wolf
Metadata is
spreading beyond its historical application area, database
management systems, to areas such as distributed object programming,
large-grained parallel scientific computation, and large-scale
continuously running systems. We therefore see significant benefits
in moving from the current ad hoc, application-specific mechanisms to
a unifying and generalizing metadata model.
Our goal is to
develop packages and tools to support the development
and use of metadata. Our approach is to exploit the power of
language-processing technology to capture the range of metadata
complexities conveniently and uniformly. In essence, we are creating
a generic ``metamodel'' representation scheme that can be specialized to
particular metadata applications. We have built a prototype, called
CRIME, that demonstrates our ideas in the application area of
distributed object technology.
First IEEE
Metadata Conference, Silver Spring, Maryland, April
1996.
Regina M. Gonzales and Alexander L. Wolf
This paper presents
a method that can be used for the elicitation and
specification of requirements and high-level design. It supports
stakeholder-based modeling, rapid feasibility feedback to marketing,
and the interpersonal dynamics that are necessary to develop a
product. The method centers on the role of the "facilitator", an
independent agent whose purpose is to build the Integrated System
Model (ISM). The ISM is the product of merging the independent system
views from all stakeholders at any given abstraction level.
Formulation of this method was based on the real-world experience of
developing a complex, high-technology medical product with critical
time-to-market pressures. It has proven to be a practical approach to
the evolution of requirements definition and provides a necessary link
to the marketing aspect of a product.
1996
International Conference on Requirements
Engineering, Colorado Springs, Colorado, April 1996, pp. 190-197.
André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf
Distributed
configuration management is intended to support the
activities of projects that span multiple sites. NUCM is a testbed
that we are developing to help us explore the issues of distributed
configuration management. NUCM separates configuration management
repositories (i.e., the stores for versions of artifacts) from
configuration management policies (i.e., the procedures by which the
versions are manipulated) by providing a generic model of a
distributed repository and an associated programmatic interface. This
paper describes the model and the interface, presents an initial
repository distribution mechanism, and sketches how NUCM can be used
to implement two, rather different, configuration management policies,
namely check-in/check-out and change sets.
18th
International Conference on Software Engineering, Berlin,
Germany, March 1996, pp. 308-317.
A later version
appears here.
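To illustrate how a configuration management policy might be programmed
against a generic repository interface (the Repository class and its
operations below are invented, not NUCM's actual interface), here is a
minimal check-in/check-out policy using locks over a versioned artifact store:

    # A lock-based check-in/check-out policy layered over a toy versioned store.
    class Repository:
        def __init__(self):
            self.versions = {}   # artifact -> list of contents, index = version
            self.locks = {}      # artifact -> user holding the lock

        def checkout(self, artifact, user):
            if self.locks.get(artifact):
                raise RuntimeError(f"{artifact} is locked by {self.locks[artifact]}")
            self.locks[artifact] = user
            history = self.versions.setdefault(artifact, [""])
            return history[-1]   # latest contents

        def checkin(self, artifact, user, contents):
            if self.locks.get(artifact) != user:
                raise RuntimeError(f"{user} does not hold the lock on {artifact}")
            self.versions[artifact].append(contents)
            del self.locks[artifact]
            return len(self.versions[artifact]) - 1   # new version number

    repo = Repository()
    repo.checkout("main.c", "alice")
    print(repo.checkin("main.c", "alice", "int main(void) { return 0; }"))  # 1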
Dennis Heimbigner and Alexander L. Wolf
Configuration
management must move beyond its traditional
development-time concerns with source files. Future software systems
will be delivered in binary form and will be composed from
pre-existing systems. The term Post-Deployment Configuration
Management is proposed to address the problems introduced in managing
these new kinds of versioned configurations.
6th
International Workshop on Software Configuration
Management, Lecture Notes in Computer Science 1167,
Springer-Verlag,
Berlin, 1996, pp. 272-276.
Premkumar T. Devanbu, David S. Rosenblum, and Alexander L. Wolf
Many software
testing and analysis tools manipulate graph
representations of programs, such as abstract syntax trees or abstract
semantics graphs. Handcrafting such tools in conventional programming
languages can be difficult, error prone, and time consuming. Our
approach is to use application generators targeted for the domain of
graph-representation-based testing and analysis tools. Moreover, we
generate the generators themselves, so that the development of tools
based on different languages and/or representations can also be
supported better. In this article we report on our experiences in
developing and using a system called Aria that generates testing and
analysis tools based on an abstract semantics graph representation for
C and C++ called Reprise. Aria itself was generated by the Genoa
system. We demonstrate the utility of Aria and, thereby, the power of
our approach, by showing Aria's use in the development of a number of
useful testing and analysis tools.
ACM Transactions
on Software Engineering and Methodology, vol. 5,
no. 1, January 1996, pp. 42-62.
Paola Inverardi and Alexander L. Wolf
We are exploring an approach to formally specifying and analyzing
software architectures that is based on viewing software systems as
chemicals whose reactions are controlled by explicitly stated rules.
This powerful metaphor was devised in the domain of theoretical
computer science by Banatre and Le Metayer and then reformulated as
the Chemical Abstract Machine, or CHAM, by Berry and Boudol. The CHAM
formalism provides a framework for developing operational
specifications that does not bias the described system toward any
particular computational model and that encourages the construction
and use of modular specifications at different levels of detail. We
illustrate the use of the CHAM for architectural description and
analysis by applying it to two different architectures for a simple,
but familiar, software system, the multiphase compiler.
IEEE
Transactions on Software Engineering, vol. 21, no. 4, April 1995,
pp. 373-386.
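A tiny, illustrative rendering of the CHAM idea in code (the molecules and the
reaction rules below are invented, loosely echoing a compiler pipeline): a
solution is a multiset of molecules, and rules rewrite sub-multisets of it
until the solution is inert:

    # Apply reaction rules to a multiset of molecules until no rule applies.
    from collections import Counter

    def react(solution, rules):
        """solution: Counter of molecules. rules: (consumed, produced) pairs,
        each a list of molecules."""
        changed = True
        while changed:
            changed = False
            for consumed, produced in rules:
                if all(solution[m] >= n for m, n in Counter(consumed).items()):
                    solution.subtract(Counter(consumed))
                    solution.update(Counter(produced))
                    changed = True
        return +solution   # drop zero-count entries

    rules = [(["source", "parser"], ["ast", "parser"]),
             (["ast", "codegen"], ["object-code", "codegen"])]
    final = react(Counter(["source", "source", "parser", "codegen"]), rules)
    print(final)   # object-code: 2, parser: 1, codegen: 1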
Jonathan E. Cook and Alexander L. Wolf
Many software
process methods and tools presuppose the existence of a formal model
of a process. Unfortunately, developing a formal model for an
on-going, complex process can be difficult, costly, and error
prone. This presents a practical barrier to the adoption of process
technologies. The barrier would be lowered by automating the creation
of formal models. We are currently exploring techniques that can use
basic event data captured from an on-going process to generate a
formal model of process behavior. We term this kind of data analysis
"process discovery". This paper describes and illustrates three
methods with which we have been experimenting: algorithmic grammar
inference, Markov models, and neural networks.
17th
International Conference on Software Engineering, Seattle,
Washington, April 1995, pp. 373-386.
A later version
appears here.
André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf
In this position
paper we raise the question of whether Configuration
Management (CM) research has a future. The new standard in CM systems
-- typified by commercial products such as Adele, ADC, ClearCase,
Continuus/CM, and CCC/Harvest -- largely satisfies the CM
functionality requirements posed by Dart. This implies that research
in the area of CM is either unnecessary or that we must find new
challenges in CM on which to focus. We believe that these challenges
indeed exist. Here we present some areas that we feel are good
opportunities for new or continued CM research, and therefore conclude
that CM research does have a future.
5th
International Workshop on Software Configuration
Management, Lecture Notes in Computer Science 1005,
Springer-Verlag,
Berlin, 1995, pp. 305-309.
Jonathan E. Cook and Alexander L. Wolf
To a great extent, the usefulness of a formal model of a software
process lies in its ability to accurately predict the behavior of the
executing process. Similarly, the usefulness of an executing process
lies largely in its ability to fulfill the requirements embodied in a
formal model of the process. When process models and process
executions diverge, something significant is happening. We are
developing techniques for uncovering discrepancies between models and
executions under the rubric of "process validation". Further, we are
developing metrics for process validation that give engineers a feel
for the severity of the discrepancy. We view the metrics presented
here as a first step toward a suite of useful metrics for process
validation.
Third
International Conference on the Software Process, Reston,
Virginia, October 1994, pp. 33-44.
A later version
appears here.
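One way to picture a validation metric (the measure and the event sequences
below are illustrative, not the metrics defined in the paper) is as a
normalized distance between the event stream an execution produced and a
sequence the model permits:

    # Quantify divergence between an executed event stream and a modeled one
    # using a normalized edit distance: 0.0 is exact correspondence.
    def edit_distance(a, b):
        prev = list(range(len(b) + 1))
        for i, x in enumerate(a, 1):
            curr = [i]
            for j, y in enumerate(b, 1):
                curr.append(min(prev[j] + 1, curr[j - 1] + 1,
                                prev[j - 1] + (x != y)))
            prev = curr
        return prev[-1]

    def divergence(executed, modeled):
        return edit_distance(executed, modeled) / max(len(executed), len(modeled), 1)

    model_run = ["design", "review", "code", "test", "release"]
    actual_run = ["design", "code", "test", "patch", "release"]
    print(divergence(actual_run, model_run))  # 0.4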
Jonathan E. Cook, Alexander L. Wolf, and Benjamin G. Zorn
The automatic
reclamation of storage for unreferenced objects is very important in
object databases. Existing language system algorithms for automatic
storage reclamation have been shown to be inappropriate. In this
paper, we investigate methods to improve the performance of algorithms
for automatic storage reclamation of object databases. These
algorithms are based on a technique called partitioned garbage
collection, in which a subset of the entire database is collected
independently of the rest. Specifically, we investigate the policy
that is used to select what partition in the database should be
collected. The policies that we propose and investigate are based on
the intuition that the values of overwritten pointers provide good
hints about where to find garbage. Using trace-driven simulation, we
show that one of our policies requires less I/O to collect more
garbage than any existing implementable policy and performs close to a
near-optimal policy over a wide range of database sizes and object
connectivities.
SIGMOD 1994
International Conference on Management of Data,
Minneapolis, Minnesota, May 1994, pp. 371-382.
A later version
appears here.
Premkumar T. Devanbu, David S. Rosenblum, and Alexander L. Wolf
Many software testing and analysis tools manipulate graph
representations of programs, such as abstract syntax trees or abstract
semantics graphs. Hand-crafting such tools in conventional programming
languages can be difficult, error prone, and time consuming. Our
approach is to use application generators targeted for the domain of
graph-representation-based testing and analysis tools. Moreover, we
generate the generators themselves, so that the development of tools
based on different languages and/or representations can also be
supported better. In this paper we report on our experiences in
developing a system called Aria that generates testing and analysis
tools based on an abstract semantics graph representation for C and
C++ called Reprise. Aria itself was generated by the Genoa system. We
demonstrate the utility of Aria and, thereby, the power of our
approach, by showing Aria's use in the development of a tool that
derives control dependence graphs directly from Reprise abstract
semantics graphs.
16th
International Conference on Software Engineering, Sorrento,
Italy, May 1994, pp. 241-250.
A later version
appears here.
Alexander L. Wolf
This file contains slides from an invited talk on the state of the
art in software configuration management presented at the 16th
International Conference on Software Engineering, Sorrento, Italy,
May 1994.
Andrea H. Skarra, Naser S. Barghouti, and Alexander L. Wolf
This paper describes a synchronization scheme that exploits the
semantics of collections and indexes to improve concurrency in a
persistent object system library. The library implements a common
execution model in which data (rather than operations) are shipped
between a transaction and the database at a granularity no smaller
than an object. The paper describes the impact of the execution model
on the extent to which semantics can be used in synchronization, and
it develops several techniques that yield higher concurrency levels in
this common, though restrictive, model. Finally, it examines the
process and tradeoffs involved in designing a semantic synchronization
protocol.
Sixth
International Workshop on Persistent Object Systems (POS6),
Tarascon, France, September 1994, pp. 129-146.
Alexander L. Wolf and David S. Rosenblum
The software process research community has concentrated a large
measure of its effort on the problem of how to ``computerize'' the
software process. In particular, the notion of a process-centered
environment has emerged, dominating software environment research for
the past several years. Among the many benefits touted for
process-centered environments are the ability to automate various
aspects of a process and the ability to monitor the progress of a
process in order to guide, enforce, or measure that process. This
approach has shown great promise and indeed has even shown some early
successes. Unfortunately, this emphasis on computerization in general,
and on process-centered environments in particular, tends to focus
attention on exactly those aspects of process that can be
computerized, while giving short shrift to those aspects not amenable
to computerization.
Eighth
International Software Process Workshop, Wadern, Germany,
March 1993, pp. 148-149.
Alexander L. Wolf and David S. Rosenblum
Process data capture is the activity of obtaining information about
an existing software process. Process analysis is the manipulation of
that information for purposes of problem identification. Capture and
analysis are key elements in any strategy for software process
improvement. We have developed a model of the software process that is
based on a notion of events characterizing identifiable, instantaneous
milestones in a process. We have also developed capture and analysis
techniques suited to that model. This paper reports on a study that
was undertaken to gain experience with both the model and the capture
and analysis techniques. In that study, we captured event data on
several actual enactments of the build process of a large, complex
software project within AT&T. We entered the captured event data into
a database and ran several queries against the data. The queries
implement a variety of analyses on the event data by examining
relationships among events, such as dependencies and time intervals.
The output of the queries is statistical data that can be used to
guide the design of process improvements. While the data we collected
in the study are incomplete, our initial results demonstrate the
viability of this approach to capture and analysis.
Second
International Conference on the Software Process,
Berlin, Germany, February 1993, pp. 115-124.
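A small, invented example of the kind of event-data query described above:
pairing a triggering event with its completion event and reporting the
elapsed intervals:

    # Measure intervals between a start event and the next matching end event.
    def intervals(events, start_kind, end_kind):
        """events: list of (timestamp, kind) in time order."""
        gaps, pending = [], None
        for timestamp, kind in events:
            if kind == start_kind:
                pending = timestamp
            elif kind == end_kind and pending is not None:
                gaps.append(timestamp - pending)
                pending = None
        return gaps

    log = [(0, "edit"), (5, "build-start"), (47, "build-done"),
           (60, "build-start"), (95, "build-done")]
    print(intervals(log, "build-start", "build-done"))  # [42, 35]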
R. Kadia (pseudonym for several authors, including Alexander L. Wolf)
This paper presents some of the more
significant technical lessons that the Arcadia project has learned
about developing effective software development environments. The
principal components of the Arcadia-1 architecture are capabilities for
process definition and execution, object management, user interface
development and management, measurement and evaluation, language
processing, and analysis and testing. In simultaneously and
cooperatively developing solutions in these areas we learned several
key lessons. Among them: the need to combine and apply heterogeneous
componentry, the use of multiple techniques for developing components,
the pervasive need for rich type models, the need for supporting
dynamism (and at what granularity), the role and value of concurrency,
and the role and various forms of event-based control integration
mechanisms. These lessons are explored in the paper.
SIGSOFT '92:
Fifth Symposium on Software Development Environments, Washington,
DC, December 1992, pp. 169-180.
Dewayne E. Perry and Alexander L. Wolf
The purpose of this
paper is to build the foundation for software architecture. We first
develop an intuition for software architecture by appealing to several
well-established architectural disciplines. On the basis of this
intuition, we present a model of software architecture that consists
of three components: elements, form, and rationale. Elements are
either processing, data, or connecting elements. Form is defined in
terms of the properties of, and the relationships among, the
elements -- that is, the constraints on the elements. The rationale
provides the underlying basis for the architecture in terms of the
system constraints, which most often derive from the system
requirements. We discuss the components of the model in the context
of both architectures and architectural styles and present an extended
example to illustrate some important architecture and style
considerations. We conclude by presenting some of the benefits of our
approach to software architecture, summarizing our contributions, and
relating our approach to other current work.
ACM SIGSOFT
Software Engineering Notes, vol. 17, no. 4,
October 1992, pp. 40-52. Winner of a
2011 ACM SIGSOFT Impact Award.
Jack C. Wileden, Alexander L. Wolf, William R. Rosenblatt, and Peri L.
Tarr
Support for
interoperability is becoming increasingly important with
the advent of more and larger evolving, heterogeneous computing
systems. By interoperability we mean the ability of two or more
programs to communicate or work together despite having been written
in different languages or language dialects. Frequently,
interoperability also implies communication between two or more
different execution domains, which may range from different run-time
support systems within a single processor to physically distinct
processors within a distributed computing system.
Communications
of the ACM, vol. 34, issue 5, May 1991,
pp. 72-87.
David S. Rosenblum and Alexander L. Wolf
A prominent stumbling block in the spread of the C++ programming
language has been a lack of programming and analysis tools to aid
development and maintenance of C++ systems. One way to make the job of
tool developers easier and to increase the quality of the tools they
create is to factor out the common components of tools and provide the
components as easily (re)used building blocks. Those building blocks
include lexical, syntactic, and semantic analyzers, tailored database
derivers, code annotators and instrumentors, and code generators. From
these building blocks, tools such as structure browsers, data-flow
analyzers, program/specification verifiers, metrics collectors,
compilers, interpreters, and the like can be built more easily and
cheaply. We believe that for C++ programming and analysis tools the
most primitive building blocks are centered around a common
representation of semantically analyzed C++ code.
In this paper we describe such a representation, called Reprise
(REPResentation Including SEmantics). The conceptual model underlying
Reprise is based on the use of expressions to capture all semantic
information about both the C++ language and code written in C++. The
expressions can be viewed as forming a directed graph, where there is
an explicit connection from each use of an entity to the declaration
giving the semantics of that entity. We elaborate on this model,
illustrate how various features of C++ are represented, discuss some
categories of tools that would create and manipulate Reprise
representations, and briefly describe our current implementation.
This paper is not intended to provide a complete definition of
Reprise. Rather, its purpose is to introduce at a high level the basic
approach we are taking in representing C++ code.
Third C++
Technical Conference, Washington, DC, April 1991,
pp. 119-134.
Jack C. Wileden, Lori A. Clarke, and Alexander L. Wolf
Although
prototyping has long been touted as a potentially valuable
software engineering activity, it has never achieved widespread use by
developers of large-scale, production software. This is probably due
in part to an incompatibility between the languages and tools
traditionally available for prototyping (e.g., LISP or Smalltalk) and
the needs of large-scale-software developers, who must construct and
experiment with large prototypes. The recent surge of interest in
applying prototyping to the development of large-scale, production
software will necessitate improved prototyping languages and tools
appropriate for constructing and experimenting with large, complex
prototype systems. We explore techniques aimed at one central aspect
of prototyping that we feel is especially significant for large
prototypes, namely that aspect concerned with the definition of data
objects. We characterize and compare various techniques that might be
useful in defining data objects in large prototype systems, after
first discussing some distinguishing characteristics of large
prototype systems and identifying some requirements that they
imply. To make the discussion more concrete, we describe our
implementations of three techniques that represent different
possibilities within the range of object definition techniques for
large prototype systems.
ACM Transactions
on Programming Languages and Systems, vol. 12, no. 4,
October 1990, pp. 670-699.
William R. Rosenblatt, Jack C. Wileden, and Alexander L. Wolf
Three important
goals of next generation software development
environments (SDEs) are extensibility, integration and broad
scope. Our work on OROS is predicated on the hypothesis that a type
model, incorporated into an environment's object manager, can
contribute to achieving those goals. This paper reports on an attempt
at applying object-oriented typing concepts in the domain of software
development environments. We believe that the result is a type model
that has properties of interest both to software environment builders
and also to builders and users of object-oriented systems in general.
Object Oriented
Programming Systems Languages and Applications
(OOPSLA '89), New Orleans, Louisiana, October 1989, pp. 297-304.
Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden
The AdaPIC tool
set, an important component of an Ada software
development environment, is discussed. The AdaPIC tool set is one
particular instantiation, specifically adapted for use with Ada, of
the more general collection of language features and analysis
capabilities that constitute the PIC approach to describing and
analyzing relationships among software system components. This tool
set is being tailored to support an incremental approach to the
interface control aspects of the software development
process. Following a discussion of the PIC interface control and
incremental development concepts, the AdaPIC tool set is described,
concentrating on its analysis tools and support for incremental
development and demonstrating how it contributes to the technology for
developing large Ada software systems.
IEEE
Transactions on Software Engineering, vol. 15, no. 3, March 1989,
pp. 250-263.
Jack C. Wileden, Alexander L. Wolf, Charles D. Fisher, and Peri L. Tarr
Defining, creating,
and manipulating persistent typed objects will be
central activities in future software environments. PGRAPHITE is a
working prototype through which we are exploring the requirements for
the persistent object capability of an object management system in the
Arcadia software environment. PGRAPHITE represents both a set of
abstractions that define a model for dealing with persistent objects
in an environment and a set of implementation strategies for realizing
that model. PGRAPHITE currently provides a type definition mechanism
for one important class of types, namely directed graphs, and the
automatic generation of Ada implementations for the defined types,
including their persistence capabilities. We present PGRAPHITE,
describe and motivate its model of persistence, outline the
implementation strategies that it embodies, and discuss some of our
experience with the current version of the system.
SIGSOFT '88:
Third Symposium on Software Development Environments,
Boston, Massachusetts, November 1988, pp. 130-142. Winner of the Best
Paper Award.
Richard N. Taylor, Frank C. Belz, Lori A. Clarke, Leon J. Osterweil,
Richard W. Selby, Jack C. Wileden, Alexander L. Wolf, and Michael Young
Early software
environments have supported a narrow range of
activities (programming environments) or else been restricted to a
single "hard-wired" software development process. The Arcadia research
project is investigating the construction of software environments
that are tightly integrated, yet flexible and extensible enough to
support experimentation with alternative software processes and
tools. This has led us to view an environment as being composed of two
distinct, cooperating parts. One is the variant part, consisting of
process programs and the tools and objects used and defined by those
programs. The other is the fixed part, or infrastructure, supporting
creation, execution, and change to the constituents of the variant
part. The major components of the infrastructure are a process
programming language and interpreter, object management system, and
user interface management system. Process programming facilitates
precise definition and automated support of software development and
maintenance activities. The object management system provides typing,
relationships, persistence, distribution and concurrency control
capabilities. The user interface management system mediates
communication between human users and executing processes, providing
pleasant and uniform access to all facilities of the
environment. Research in each of these areas and the interaction among
them is described.
SIGSOFT '88:
Third Symposium on Software Development Environments,
Boston, Massachusetts, November 1988, pp. 1-13.
Jack C. Wileden, Lori A. Clarke, and Alexander L. Wolf
The UMass Software
Development Laboratory (SDL), in collaboration with
our colleagues in the Arcadia consortium, is working toward the
development of advanced software environments. An important goal of
this work is to support research on software processes. It is
increasingly clear that such research must be based on experimental,
exploratory, prototyping activities. It is equally clear that process
prototyping will require a corresponding ability to rapidly produce
and easily modify prototype software environments. As a result, one
important element of SDL's environment research has been the
development of appropriate tools and techniques to facilitate
environment prototyping.
4th
International Software Process Workshop, Devon, England,
May 1988, pp. 163-166.
Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden
A formal model for
describing and evaluating visibility control
mechanisms is introduced. The model reflects a general view of
visibility in which the concepts of requisition of access and provision
of access are distinguished. This model provides a means for
characterizing and reasoning about the various properties of visibility
control mechanisms. Specifically, the notion of preciseness is defined.
The utility of the model is illustrated by using it to evaluate and
compare the relative strengths and weaknesses, with respect to
preciseness, of the visibility control mechanisms found in Algol 60,
Ada, Gypsy, and an approach called PIC, which specifically addresses
the concerns of visibility control in large software systems.
IEEE
Transactions on Software Engineering, vol. 14, no. 4, April 1988,
pp. 512-520.
Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden
The PIC environment
is designed to provide support for interface
control that facilitates incremental development of a software
system. Interface control, the description and analysis of
relationships among system components, is important from the earliest
stages of the software development process right through to the
implementation and maintenance stages. Incremental development,
wherein a software system is produced through a sequence of relatively
small steps and progress may be rigorously and thoroughly assessed
after each step, must be accommodated by any realistic model of the
software development process. This paper focuses on the analysis
component of the PIC environment and demonstrates how it contributes
to precise interface control capabilities while supporting an
incremental software development process.
8th
International Conference on Software Engineering, London,
England, August 1985, pp. 75-82.
A later version
appears here.
Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden
Specialized
language features and an integrated set of tools can help
developers of a large software system describe, analyze, organize, and
manage its many modules. We are developing an environment, based upon
Ada, for programming-in-the-large. This environment relies upon a
small number of specialized language features and an integrated set of
tools; both have been carefully tailored to support incremental
development and apply to all phases in the software life cycle.
IEEE
Software, vol. 2, no. 2, March 1985, pp. 58-71.
Lori A. Clarke, Jack C. Wileden, and Alexander L. Wolf
Given a data
abstraction construct like the Ada package and in light
of current thoughts on programming methodology, we feel that nesting
is an anachronism. In this paper we propose a nest-free program style
for Ada that eschews nested program units and declarations within
blocks and instead heavily utilizes packages and context
specifications as mechanisms for controlling visibility. We view this
proposal as a first step toward the development of programming methods
that exploit the novel language features available in
Ada. Consideration of this proposal's ramifications for data flow,
control flow, and overall program structure substantiates our
contention that a tree structure is seldom a natural representation of
a program and that nesting therefore generally interferes with program
development and readability.
ACM-SIGPLAN
Symposium on the Ada Programming Language,
Boston, Massachusetts, December 1980, pp. 139-145.
Demo: The SABER System for Window-Based Hybrid Stream Processing with GPGPUs
FLICK: Developing and Running Application-Specific Network Services
Dynamic Placement of Composite Software Services in Hybrid Wireless Networks
Inferring Network Topologies in MANETs Applied to Service Redeployment
Delay Tolerant Harvesting of Monitoring Data for MANET-Hosted
Service-Based Systems
On-Demand Discovery of Software Service Dependencies in MANETs
Measuring the Mixing Time of a Network
NetAgg: Using Middleboxes for Application-Specific
On-Path Aggregation in Data Centres
Scalable Routing for Tag-Based Information-Centric Networking
Is Information-Centric Multi-Tree Routing Feasible?
Supporting Application-Specific In-Network Processing in Data Centres
Discovering Service
Dependencies in Mobile Ad Hoc Networks
Fault Localization
in MANET-Hosted Service-Based Systems
NaaS: Network-as-a-Service in the Cloud
A Content-Based
Publish/Subscribe Matching Algorithm for 2D Spatial Objects
A Process for
Documenting Variability Design
Rationale of Flexible and Adaptive PLAs
Change Impact Analysis in Product-Line Architectures
Content-Based
Publish/Subscribe Networking and Information-Centric Networking
Multiplicity Computing: A Vision of Software Engineering for
Next-Generation Computing Platform Applications
Toward Deeply
Adaptive Societies of Digital Systems
Evaluating Test Suites and Adequacy
Criteria Using Simulation-Based Models of Distributed Systems
Four Enhancements
to Automated Distributed System Experimentation Methods
Determining the Impact of Software Engineering Research on Practice
Frame Shared Memory: Line-Rate Networking on Commodity Hardware
Deployment and
Dynamic Reconfiguration Planning for Distributed Software Systems
Simulation-Based
Test Adequacy Criteria for Distributed Systems
Understanding Content-Based Routing Schemes
DV/DRP: A Content-Based Networking Protocol for Sensor Networks
On Relating
Functional Specifications to Architectural Specifications:
A Case Study
Automating Experimentation on Distributed Testbeds
Editorial:
Introduction to Impact Project Papers
Dealing with
Failures During Failure Recovery of Distributed Systems
Distributed-System
Failures: Observations and Implications for Testing
A Planning Based
Approach to Failure Recovery in Distributed Systems
Using Event-Based
Parsing to Support Dynamic Protocol Evolution
Discovering Models
of Behavior for Concurrent Workflows
A Routing Scheme
for Content-Based Networking
Event-Based
Document Sensing for Insider Threats
Design and
Evaluation of a Support Service for Mobile,
Wireless Publish/Subscribe Applications
Deployment and
Dynamic Reconfiguration Planning for Distributed
Software Systems
A Case for
Test-Code Generation in Model-Driven Systems
The Application of
Dependence Analysis to Software Architecture
Descriptions
Forwarding in a
Content-Based Network
A Lightweight
Infrastructure for Reconfiguring Applications
Software Release
Management for Component-Based Software
Content-Based
Networking: A New Communication Infrastructure
Research Direction
for Developing an Infrastructure for Mobile
& Wireless Systems
An Experience in
Evaluating Publish/Subscribe Services in a Wireless
Network
Reconfiguration in
the Enterprise JavaBean Component Model
Intrusion Management Using Configurable Architecture Models
A Benchmark Suite
for Distributed Publish/Subscribe Systems
A Testbed for
Configuration Management Policy Programming
Security Issues
and Requirements for Internet-Scale Publish-Subscribe
Systems
The Willow
Architecture: Comprehensive Survivability
for Large-Scale Distributed Applications
The Willow
Survivability Architecture
Design and
Evaluation of a Wide-Area Event Notification Service
Architecture-Level
Dependence Analysis for Software Systems
Bend, Don't Break:
Using Reconfiguration to Achieve Survivability
Annotating
Components to Support Component-Based Static Analyses
of Software Systems
Achieving
Scalability and Expressiveness in an Internet-Scale
Event Notification Service
Static Checking of
System Behaviors Using Derived Component Assumptions
An Infrastructure
for Generating and Sharing Experimental Workloads
for Persistent Object Systems
Foundations for
Software Configuration Management Policies
Using Graph Transformations
Content-Based
Addressing and Routing: A General Model and its Application
Capturing Architectural Configurability: Variants, Options, and Evolution
A Conceptual Basis
for Feature Engineering
Architecture-Based
Software Engineering
A Framework for
Analyzing Configurations of Deployable Software
Systems
An Architecture-Based Approach to Self-Adaptive Software
A Cooperative
Approach to Support Software Deployment Using the
Software Dock
Challenges for
Distributed Event Services: Scalability vs. Expressiveness
Software Process
Validation: Quantitatively Measuring the Correspondence
of a Process to a Model
Uncovering Architectural Mismatch in Component Behavior
Event-Based Detection of Concurrency
Architecture-Level
Dependence Analysis in Support of Software Maintenance
Versioned Software Architecture
Issues in Supporting Event-Based Architectural Styles
Evaluating Software Deployment Languages and Schema
Investigating the
Applicability of Architecture Description in
Configuration Management and Software Deployment
Cost-Effective Analysis of In-Place Software Processes
Design of a
Scalable Event Notification Service: Interface and
Architecture
Discovering Models
of Software Processes from Event-Based Data
Requirements for
Software Deployment Languages and Schema
System Modeling Resurrected
Balboa: A Framework for Event-Based Process Data Analysis
Feature Engineering
Aladdin: A Tool
for Architecture-Level Dependence Analysis of Software
Systems
A Characterization
Framework for Software Deployment Technologies
Software Process
Modeling and Execution within Virtual Environments
A Highly Effective
Partition Selection Policy for Object Database
Garbage Collection
Software Architecture, Configuration Management, and Configurable
Distributed Systems: A Ménage a Trois
Chaining: A Software Architecture Dependence Analysis Technique
A Design Framework
for Internet-Scale Event Observation and Notification
Software Release Management
Checking Assumptions in Component Dynamics at the Architectural Level
An Architecture
for Post-Development Configuration Management in a
Wide-Area Network
Succeedings of the
Second International Software Architecture Workshop
Report from the
NSF Workshop on Workflow and Process Automation
in Information Systems
Software Testing
at the Architectural Level
Succeedings of the
8th International Workshop on Software Specification
and Design
Software in the Field Needs Process Too
Semi-automatic,
Self-adaptive Control of Garbage Collection Rates in Object Databases
Discovery and Validation of Processes
Language-Based Support for Metadata
A Facilitator
Method for Upstream Design Activities with Diverse Stakeholders
A Generic, Peer-to-Peer Repository for Distributed Configuration Management
Post-Deployment Configuration Management
Generating Testing
and Analysis Tools with Aria
Formal Specification and Analysis of Software Architectures Using the
Chemical Abstract Machine Model
Automating Process
Discovery through Event-Data Analysis
Does Configuration
Management Research Have a Future?
Toward Metrics for
Process Validation
Partition Selection Policies in Object Database Garbage Collection
Automated Construction of Testing and Analysis Tools
Software Configuration Management
Semantic Synchronization in a Persistent Object System Library
Process-Centered
Environments (Only) Support Environment-Centered Processes
A Study in
Software Process Capture and Analysis
Issues Encountered in Building a Flexible Software Development
Environment: Lessons from the Arcadia Project
Foundations for
the Study of Software Architecture
Specification-Level Interoperability
Representing Semantically Analyzed C++ Code with Reprise
A Comparative
Evaluation of Object Definition Techniques for Large Prototype Systems
OROS: Towards a Type Model for Software Development Environments
The AdaPIC Tool
Set: Supporting Interface Control and Analysis Throughout
the Software Development Process
PGRAPHITE: An Experiment in Persistent Typed Object Management
Foundations for
the Arcadia Environment Architecture
Facilitating Process Prototyping by Controlling the Impact of Change
A Model of Visibility Control
Interface Control
and Incremental Development in the PIC Environment
Ada-Based Support
for Programming-in-the-Large
Nesting in Ada
Programs is for the Birds