Articles Available on the Web

This page contains abstracts of selected articles by Alexander L. Wolf. The abstracts are listed in reverse chronological order of publication.

Full text of the articles is available either from a digital library through a Digital Object Identifier (DOI) link or directly from this site as a PDF or compressed PostScript download. Retrieve an article by clicking on the available format of your choice. Clicking also indicates your unconditional agreement to abide by all applicable copyright agreements.

All technical reports are available here, including those that have been superseded by general publication.

This page was last updated on 30 June 2017.


Topic Index


Networking


Computer Systems


Distributed Systems


Security and Survivability


Software Architecture and Component-Based Systems


Configuration Management


Tools and Environments


Software Process


Feature Engineering


Object Databases


Miscellany


The HARNESS Platform: A Hardware- and Network-Enhanced Software System for Cloud Computing

Jose G.F. Coutinho, Mark Stillwell, Katerina Argyraki, George Ioannidis, Anca Iordache, Christoph Kleineweber, Alexandros Koliousis, John McGlone, Guillaume Pierre, Carmelo Ragusa, Peter Sanders, Thorsten Schütt, Teng Yu, and Alexander L. Wolf

HARNESS is a next-generation cloud-computing platform that offers commodity and specialized resources in support of large-scale data processing applications. We focus primarily on application domains that are not well supported by today's cloud providers, including scientific computing, business analytics, and online machine learning. These applications often require acceleration of critical operations using devices such as FPGAs, GPGPUs, network middleboxes, and SSDs. We explain the architectural principles that underlie the HARNESS platform, including the separation of agnostic and cognizant resource management, which allows the platform to be resilient to heterogeneity while still exploiting it. We describe a prototype implementation of the platform, which was evaluated using two testbeds: (1) a heterogeneous compute and storage cluster that includes FPGAs and SSDs, and (2) Grid'5000, a large-scale distributed testbed that spans France. We evaluate the HARNESS cloud-computing platform with two applications: Reverse-Time Migration, a scientific computing application from the geosciences domain, and AdPredictor, a machine learning algorithm used in the Bing search engine.

Software Architecture for Big Data and the Cloud, Ivan Mistrik, Rami Bahsoon, Nour Ali, Maritta Heisel, Bruce Maxim (editors), Morgan Kaufmann, 2017, pp. 323-351.


Inferring Network Topologies in MANETs: Application to Service Redeployment

Simone Silvestri, Brett Holbert, Petr Novotny, Thomas La Porta, Alexander L. Wolf, and Ananthram Swami

The heterogeneous and dynamic nature of tactical coalition networks poses several challenges to common network management tasks, due to the lack of complete and accurate network information. We consider the problem of redeploying services in mobile tactical networks. We propose M-iTop, an algorithm for inferring the network topology when only partial information is available. M-iTop initially constructs a virtual topology that overestimates the number of network components and then repeatedly merges links in this topology to resolve it towards the structure of the true network. We also propose an iterative service redeployment (iSR) algorithm for service redeployment in tactical networks. Extensive simulations show that M-iTop and iSR allow an efficient redeployment of services over the network despite the limitation of partial information.

Advances in Computer Communications and Networks - From Green, Mobile, Pervasive Networking to Big Data Computing, Kewei Sha, Aaron Striegel, and Min Song (editors), River Publishers, 2017, pp. 127-154.
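
To give a flavor of the inference strategy (overestimate, then merge), here is a toy Python sketch. The merge rule used below, unifying virtual nodes that occupy the same hop position between the same pair of known endpoints, is a simplifying assumption for illustration only, not M-iTop's actual rule.

    # Toy illustration of topology inference by over-estimation and merging.
    # The merge rule (same endpoint pair, same hop index) is an assumption
    # made for this sketch, not the rule used by M-iTop.

    class UnionFind:
        def __init__(self):
            self.parent = {}
        def find(self, x):
            self.parent.setdefault(x, x)
            while self.parent[x] != x:
                self.parent[x] = self.parent[self.parent[x]]   # path halving
                x = self.parent[x]
            return x
        def union(self, a, b):
            self.parent[self.find(a)] = self.find(b)

    # Observed paths between known endpoints; '*' marks an anonymous router.
    paths = [
        ("A", ["*", "*"], "B"),
        ("A", ["*", "*"], "B"),   # a second probe over the same route
        ("A", ["*"], "C"),
    ]

    # Step 1: over-estimate -- every anonymous hop becomes a fresh virtual node.
    uf, virtual = UnionFind(), []
    for pid, (src, hops, dst) in enumerate(paths):
        virtual.append((src, [f"v{pid}.{i}" for i in range(len(hops))], dst))

    # Step 2: repeatedly merge virtual nodes that play the same role.
    for src, nodes, dst in virtual:
        for osrc, onodes, odst in virtual:
            if (src, dst) == (osrc, odst) and len(nodes) == len(onodes):
                for a, b in zip(nodes, onodes):
                    uf.union(a, b)

    merged = {uf.find(n) for _, ns, _ in virtual for n in ns}
    total = sum(len(ns) for _, ns, _ in virtual)
    print(f"{total} virtual nodes -> {len(merged)} after merging")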


Relation-Oriented Resource Allocation for Multi-Accelerator Systems

Teng Yu, Bo Feng, Mark Stillwell, Jose Gabriel F. Coutinho, Wenlai Zhao, Shuang Liang, Wayne Luk, Alexander L. Wolf, and Yuchun Ma

This paper presents a novel approach for allocating resources in systems with multiple accelerators. It makes three main contributions. First, a new model, based on Birkhoff's representation theory, for capturing the ordering properties of resource allocation requests (RArs). Second, an effective technique for resource allocation based on this model, targeting systems with multiple accelerators. Third, an evaluation of the proposed approach on Maxeler MPC-X multi-accelerator systems, demonstrating time efficiency and a 30%-50% decrease in failure rate on random input datasets.

IEEE 27th International Conference on Application-Specific Systems, Architectures and Processors, London, UK, July 2016, pp. 243-244.


Saber: Window-Based Hybrid Stream Processing for Heterogeneous Architectures

Alexandros Koliousis, Matthias Weidlich, Raul Castro Fernandez, Alexander L. Wolf, Paolo Costa, and Peter Pietzuch

Modern servers have become heterogeneous, often combining multi-core CPUs with many-core GPGPUs. Such heterogeneous architectures have the potential to improve the performance of data-intensive stream processing applications, but they are not supported by current relational stream processing engines. For an engine to exploit a heterogeneous architecture, it must execute streaming SQL queries with sufficient data-parallelism to fully utilise all available heterogeneous processors, and decide how to use each in the most effective way. It must do this while respecting the semantics of streaming SQL queries, in particular with regard to window handling.

We describe Saber, a hybrid high-performance relational stream processing engine for CPUs and GPGPUs. Saber executes window-based streaming SQL queries in a data-parallel fashion using all available CPU and GPGPU cores. Instead of statically assigning query operators to heterogeneous processors, Saber employs a new adaptive heterogeneous lookahead scheduling strategy, which increases the share of queries executing on the processor that yields the highest performance. To hide data movement costs, Saber pipelines the transfer of stream data between different memory types and the CPU/GPGPU. Our experimental comparison against state-of-the-art engines shows that Saber increases processing throughput while maintaining low latency for a wide range of streaming SQL queries with small and large window sizes.

ACM SIGMOD International Conference on Management of Data, San Francisco, California, June 2016, pp. 555-569.
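
Saber's lookahead scheduler is described in the paper; the following Python sketch illustrates only the underlying idea of adaptive hybrid scheduling, dispatching each batch to the processor with the best observed throughput for that query, with occasional exploration. All names and rates here are invented.

    # Simplified sketch of adaptive hybrid scheduling. Saber's actual
    # lookahead policy is more involved than this moving-average heuristic.
    import random

    class AdaptiveScheduler:
        def __init__(self, processors=("cpu", "gpgpu"), explore=0.1):
            self.processors = processors
            self.explore = explore
            self.throughput = {}   # (query, processor) -> batches/second

        def pick(self, query):
            if random.random() < self.explore:
                return random.choice(self.processors)
            # unknown processors score infinity, so they get tried first
            return max(self.processors,
                       key=lambda p: self.throughput.get((query, p), float("inf")))

        def record(self, query, proc, batches_per_sec, alpha=0.2):
            old = self.throughput.get((query, proc), batches_per_sec)
            self.throughput[(query, proc)] = (1 - alpha) * old + alpha * batches_per_sec

    # Usage: a query whose windows favour the GPGPU ends up mostly there.
    sched = AdaptiveScheduler()
    for _ in range(200):
        proc = sched.pick("q1")
        rate = 120.0 if proc == "gpgpu" else 40.0   # pretend measurements
        sched.record("q1", proc, rate)
    print(sched.throughput)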


Demo: The SABER System for Window-Based Hybrid Stream Processing with GPGPUs

Alexandros Koliousis, Matthias Weidlich, Raul Castro Fernandez, Alexander L. Wolf, Paolo Costa, and Peter Pietzuch

Heterogeneous architectures that combine multi-core CPUs with many-core GPGPUs have the potential to improve the performance of data-intensive stream processing applications. Yet, a stream processing engine must execute streaming SQL queries with sufficient data-parallelism to fully utilise the available heterogeneous processors, and decide how to use each processor in the most effective way. Addressing these challenges, we demonstrate SABER, a hybrid high-performance relational stream processing engine for CPUs and GPGPUs. SABER executes window-based streaming SQL queries in a data-parallel fashion and employs an adaptive scheduling strategy to balance the load on the different types of processors. To hide data movement costs, SABER pipelines the transfer of stream data between CPU and GPGPU memory. In this paper, we review the design principles of SABER in terms of its hybrid stream processing model and its architecture for query execution. We also present a web front-end that monitors processing throughput.

10th ACM International Conference on Distributed and Event-Based Systems, Irvine, California, June 2016, pp. 354-357.


FLICK: Developing and Running Application-Specific Network Services

Abdul Alim, Richard G. Clegg, Luo Mai, Lukas Rupprecht, Eric Seckler, Paolo Costa, Peter Pietzuch, Alexander L. Wolf, Nik Sultana, Jon Crowcroft, Anil Madhavapeddy, Andrew Moore, Richard Mortier, Masoud Koleni, Luis Oviedo, Matteo Migliavacca, and Derek McAuley

Data centre networks are increasingly programmable, with application-specific network services proliferating, from custom load-balancers to middleboxes providing caching and aggregation. Developers must currently implement these services using traditional low-level APIs, which neither support natural operations on application data nor provide efficient performance isolation.

We describe FLICK, a framework for the programming and execution of application-specific network services on multi-core CPUs. Developers write network services in the FLICK language, which offers high-level processing constructs and application-relevant data types. FLICK programs are translated automatically to efficient, parallel task graphs, implemented in C++ on top of a user-space TCP stack. Task graphs have bounded resource usage at runtime, which means that the task graphs of multiple services can execute concurrently without interference using efficient cooperative scheduling. We evaluate FLICK with several services (an HTTP load-balancer, a Memcached router and a Hadoop data aggregator), showing that it achieves good performance while reducing development effort.

USENIX Annual Technical Conference, Denver, Colorado, June 2016.


Dynamic Placement of Composite Software Services in Hybrid Wireless Networks

Petr Novotny, Rahul Urgaonkar, Alexander L. Wolf, and Bong Jun Ko

The dynamic environment of hybrid mobile and fixed wireless networks used in military operations poses significant challenges in the efficient provisioning of software functionality to application clients. Because of the network's transient topology, the software services hosted on mobile nodes may become temporarily unavailable, or the cost of transferring data across the network may become too high. To address this problem we have designed a placement technique that allows the dynamic repositioning of services within the network as it evolves. The technique repositions services in reaction to changes in network topology as well as in various system properties, such as service dependencies or the workload generated by application clients. In our approach we use a multi-layer model to represent a service-based software system embedded in a network topology. We apply constraint programming and its linear programming relaxation to solve the model to find where best to place or reposition the services. We evaluate the technique in terms of its effectiveness and cost under various simulated operational conditions.

IEEE Military Communications Conference, Tampa, Florida, October 2015, pp. 1052-1057.
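
As a rough illustration of the optimization problem being solved (not the paper's constraint-programming formulation), the following Python sketch finds a minimum-communication-cost placement for a toy model by exhaustive search; the hosts, services, demands, and costs are invented.

    # Toy placement problem: choose a host for each service so that the total
    # cost of client->service and service->service traffic is minimised. The
    # paper solves a richer multi-layer model with constraint programming and
    # an LP relaxation; exhaustive search works here only because the example
    # is tiny.
    from itertools import product

    hosts = ["n1", "n2", "n3"]
    link_cost = {("n1", "n2"): 1, ("n2", "n3"): 1, ("n1", "n3"): 3}
    def cost(a, b):
        return 0 if a == b else link_cost.get((a, b)) or link_cost[(b, a)]

    # (consumer, producer, traffic volume); the client is pinned to host n1.
    demands = [("client", "web", 10), ("web", "db", 4)]
    pinned = {"client": "n1"}
    services = ["web", "db"]

    def total_cost(placement):
        loc = dict(pinned, **placement)
        return sum(v * cost(loc[c], loc[p]) for c, p, v in demands)

    candidates = (dict(zip(services, combo))
                  for combo in product(hosts, repeat=len(services))
                  if len(set(combo)) == len(combo))   # one service per host
    best = min(candidates, key=total_cost)
    print(best, total_cost(best))   # {'web': 'n1', 'db': 'n2'} 4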


Inferring Network Topologies in MANETs Applied to Service Redeployment

Simone Silvestri, Brett Holbert, Petr Novotny, Thomas La Porta, Alexander L. Wolf, and Ananthram Swami

The heterogeneous and dynamic nature of tactical coalition networks poses several challenges to common network management tasks, due to the lack of complete and accurate network information. In this paper, we consider the problem of redeploying services in mobile tactical networks. We propose M-iTop, an algorithm for inferring the network topology when only partial information is available. M-iTop initially constructs a virtual topology that overestimates the number of network components, and then repeatedly merges links in this topology to resolve it towards the structure of the true network. We perform extensive simulations and show that M-iTop enables an efficient redeployment of services over the network despite the limitation of partial information.

24th International Conference on Computer Communication and Networks, Las Vegas, Nevada, August 2015.

A later version appears here.


Delay Tolerant Harvesting of Monitoring Data for MANET-Hosted Service-Based Systems

Petr Novotny, Bong Jun Ko, and Alexander L. Wolf

We are concerned with reliably harvesting data used to monitor a service-based system hosted in a mobile ad hoc network (MANET) environment. These data are time-bounded, time-sensitive time-series data recorded by individual hosts in the network. Harvesting is used to gather the data for global time-series analyses, such as fault localization. The MANET environment challenges data harvesting, due to the inherently unstable and unpredictable connectivity and the resource limitations of wireless devices. We present an epidemic, delay tolerant method to improve the availability of time-series monitoring data in the presence of network instabilities, asymmetries, and partitions. The method establishes a network-wide synchronization overlay to incrementally and efficiently move data to intermediate nodes. We have implemented the algorithm in Java EE and evaluated it in the CORE and EMANE MANET emulation environments.

12th IEEE International Conference on Services Computing, New York, New York, June 2015, pp. 9-16.
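
A minimal sketch of the epidemic, anti-entropy idea, assuming a simple push-pull exchange of records keyed by origin and sequence number; the real method adds a synchronization overlay, incremental transfer, and expiry of time-bounded data.

    # Each node keeps a store of monitoring records keyed by (origin, seq);
    # whenever two nodes are in contact they exchange whatever the other is
    # missing, so records drift toward a harvesting node even across
    # partitions.

    class Node:
        def __init__(self, name):
            self.name = name
            self.store = {}                 # (origin, seq) -> record

        def record(self, seq, value):
            self.store[(self.name, seq)] = value

        def sync(self, other):
            # push-pull exchange of missing records (anti-entropy)
            for key, val in self.store.items():
                other.store.setdefault(key, val)
            for key, val in other.store.items():
                self.store.setdefault(key, val)

    a, b, harvester = Node("a"), Node("b"), Node("harvester")
    a.record(1, "cpu=0.9"); b.record(1, "cpu=0.2")
    a.sync(b)               # a and b meet while partitioned from the harvester
    b.sync(harvester)       # later, b reaches the harvester: both records arrive
    print(sorted(harvester.store))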


On-Demand Discovery of Software Service Dependencies in MANETs

Petr Novotny, Bong Jun Ko, and Alexander L. Wolf

The dependencies among the components of service-oriented software applications hosted in a mobile ad hoc network (MANET) are difficult to determine due to the inherent loose coupling of the services and the transient communication topologies of the network. Yet understanding these dependencies is critical to making good management decisions, since dependence data underlie important analyses such as fault localization and impact analysis. Current methods for discovering dependencies, developed primarily for fixed networks, assume that dependencies change only slowly and require relatively long monitoring periods as well as substantial memory and communication resources, all of which are impractical in the MANET environment. We describe a new dynamic dependence discovery method designed specifically for this environment, yielding dynamic snapshots of dependence relationships discovered through observations of service interactions. We evaluate the performance of our method in terms of the accuracy of the discovered dependencies, and draw insights on the selection of critical parameters under various operational conditions. Although operated under more stringent conditions, our method is shown to provide results comparable to or better than existing methods.

IEEE Transactions on Network and Service Management, vol. 12, no. 2, June 2015, pp. 278-292.
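
The following toy sketch conveys the notion of a dynamic dependence snapshot: interactions observed within a requested time window are assembled into a dependence graph. The log format and parameter names are illustrative, not the paper's.

    # Build a dependence snapshot from observations of service interactions
    # that fall inside the requested time window.
    from collections import defaultdict

    log = [
        (10.0, "frontend", "auth"),
        (11.5, "frontend", "catalog"),
        (95.0, "frontend", "auth"),     # outside the window queried below
    ]

    def dependence_snapshot(log, start, end):
        deps = defaultdict(int)         # (client, server) -> observation count
        for t, client, server in log:
            if start <= t <= end:
                deps[(client, server)] += 1
        return dict(deps)

    print(dependence_snapshot(log, start=0.0, end=60.0))
    # {('frontend', 'auth'): 1, ('frontend', 'catalog'): 1}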


Measuring the Mixing Time of a Network

Xenofon Foukas, Antonio Carzaniga, and Alexander L. Wolf

Mixing time is a global property of a network that indicates how fast a random walk gains independence from its starting point. Mixing time is an essential parameter for many distributed algorithms, but especially those based on gossip. We design, implement, and evaluate a distributed protocol to measure mixing time. The protocol extends an existing algorithm that models the diffusion of information seen from each node in the network as the impulse response of a particular dynamic system. In its original formulation, the algorithm was susceptible to topology changes (or "churn") and was evaluated only in simulation. Here we present a concrete implementation of an enhanced version of the algorithm that exploits multiple parallel runs to obtain a robust measurement, and evaluate it using a network testbed (Emulab) in combination with a peer-to-peer system (FreePastry) to assess both its performance and its ability to deal with network churn.

IEEE Conference on Computer Communications, Hong Kong, China, April 2015, pp. 2749-2757.
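
For readers unfamiliar with the quantity being measured, the following Python example computes the mixing time of a lazy random walk on a small graph centrally, as the first step at which the walk's distribution is within total variation distance 1/4 of the stationary distribution. The paper's contribution is measuring this in a distributed fashion, without such global knowledge.

    # Mixing time of the lazy random walk on a 4-node path graph, computed
    # centrally for illustration.
    adj = {0: [1], 1: [0, 2], 2: [1, 3], 3: [2]}
    n = len(adj)

    def step(dist):
        # lazy walk: stay with prob 1/2, else move to a uniform neighbour
        out = [0.5 * p for p in dist]
        for u, p in enumerate(dist):
            for v in adj[u]:
                out[v] += 0.5 * p / len(adj[u])
        return out

    # stationary distribution of the lazy walk: proportional to node degree
    deg_sum = sum(len(v) for v in adj.values())
    pi = [len(adj[u]) / deg_sum for u in range(n)]

    dist, t = [1.0, 0.0, 0.0, 0.0], 0   # walk starts at node 0
    while sum(abs(p - q) for p, q in zip(dist, pi)) / 2 > 0.25:
        dist, t = step(dist), t + 1
    print("mixing time (from node 0):", t)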


NetAgg: Using Middleboxes for Application-Specific On-Path Aggregation in Data Centres

Luo Mai, Lukas Rupprecht, Abdul Alim, Paolo Costa, Matteo Migliavacca, Peter Pietzuch, and Alexander L. Wolf

Middleboxes have become pervasive in data centre networks. While various functions, such as firewalling, load-balancing and routing, are already benefiting from consolidation onto generic and programmable middlebox platforms, existing platforms are restricted to application-independent network functions. We argue that this limited view of middlebox functionality misses opportunities for improving the performance of network-bound distributed applications.

Instead, we explore the use of middleboxes for offering functions that take application semantics into account. We describe NetAgg, a software-based middlebox platform for application-specific on-path aggregation of network flows to improve application performance. Aggregation middleboxes (agg boxes) residing in the network topology serve to aggregate flows according to functions provided by applications. This alleviates network hotspots because only a fraction of the aggregatable traffic is forwarded by each agg box. To minimise application changes, NetAgg uses shim layers on edge servers to redirect traffic to the agg boxes. Our experiments show that NetAgg can substantially improve the throughput of both online (Apache Solr) and batch (Apache Hadoop) applications, with only a modest investment cost.

10th International Conference on Emerging Networking Experiments and Technologies, Sydney, Australia, December 2014, pp. 249-262.

Nominated for Best Paper Award.
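
The essence of on-path aggregation can be conveyed in a few lines: each agg box combines the flows arriving from its children with an application-supplied associative function and forwards a single result upstream, so only a fraction of the aggregatable traffic crosses each link. The topology and functions in this Python sketch are invented.

    # Toy model of on-path aggregation with an application-supplied
    # associative combine function (here, merging partial word counts).
    from functools import reduce

    def agg_box(children_results, combine):
        return reduce(combine, children_results)

    def merge_counts(a, b):
        out = dict(a)
        for k, v in b.items():
            out[k] = out.get(k, 0) + v
        return out

    leaf_results = [{"x": 3, "y": 1}, {"x": 2}, {"y": 5, "z": 1}]
    # two-level aggregation tree: one agg box, then the root
    left = agg_box(leaf_results[:2], merge_counts)
    root = agg_box([left, leaf_results[2]], merge_counts)
    print(root)   # {'x': 5, 'y': 6, 'z': 1}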


Scalable Routing for Tag-Based Information-Centric Networking

Michele Papalini, Antonio Carzaniga, Koorosh Khazaei, and Alexander L. Wolf

Routing in information-centric networking remains an open problem. The main issue is scalability. Traditional IP routing can be used with name prefixes, but it is believed that the number of prefixes will grow too large. A related problem is the use of per-packet in-network state (to cut loops and return data to consumers). We develop a routing scheme that solves these problems. The service model of our information-centric network supports information pull and push using tag sets as information descriptors. Within this service model, we propose a routing scheme that supports forwarding along multiple loop-free paths, aggregates addresses for scalability, does not require per-packet network state, and leads to near-optimal paths on average. We evaluate the scalability of our routing scheme, both in terms of memory and computational complexity, on the full Internet AS-level topology and on the internal networks of representative ASes using realistic distributions of content and users extrapolated from traces of popular applications. For example, a population of 500 million users requires a routing information base of 3.8GB with an almost flat growth and, in this case, a routing update (one content descriptor) can be processed in 2ms on commodity hardware. We conclude that information-centric networking is feasible, even with (or perhaps thanks to) addresses consisting of expressive content descriptors.

1st ACM SIGCOMM Conference on Information-Centric Networking, Paris, France, September 2014, pp. 17-26.
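
A toy Python sketch of the descriptor model, under the assumption that a packet matches a subscription when the subscription's tag set is a subset of the packet's descriptor; the scheme's actual forwarding tables aggregate these tag sets far more aggressively than this flat table.

    # Per-interface lists of subscribed tag sets; a packet is forwarded on
    # every interface holding at least one tag set contained in the packet's
    # descriptor (subset matching).
    fib = {
        "if0": [{"sports", "video"}, {"news"}],
        "if1": [{"sports", "audio"}],
    }

    def forward(descriptor, fib):
        return [iface for iface, tagsets in fib.items()
                if any(ts <= descriptor for ts in tagsets)]

    print(forward({"sports", "video", "hd"}, fib))   # ['if0']
    print(forward({"news"}, fib))                    # ['if0']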


Is Information-Centric Multi-Tree Routing Feasible?

Antonio Carzaniga, Koorosh Khazaei, Michele Papalini, and Alexander L. Wolf

We have argued that an information-centric network should natively support publish/subscribe event notification in addition to on-demand content delivery. We have also argued that both primitives could use the same forwarding information base and, furthermore, that both primitives can easily support addresses that are more expressive than simple hierarchical names. In this paper we present a concrete routing scheme that realizes this: "push" as well as "pull" communication; anycast as well as multicast; and descriptor-based (as opposed to name-based) addressing. The scheme is founded on multiple tree covers that can be arranged and composed hierarchically following the structure of network domains. On each tree, the scheme combines addresses so as to reduce forwarding state. We demonstrate the feasibility and scalability of the scheme through simulations on Internet-scale workloads in realistic network settings.

ACM SIGCOMM Workshop on Information-Centric Networking, Hong Kong, China, August 2013, pp. 3-8.

Winner of Best Paper Award.


Supporting Application-Specific In-Network Processing in Data Centres

Luo Mai, Lukas Rupprecht, Paolo Costa, Matteo Migliavacca, Peter Pietzuch, and Alexander L. Wolf

Modern data centers host a range of distributed applications that handle large amounts of data and high numbers of concurrent requests through "scale out" -- computation is executed in a parallel fashion by distributing data across a large number of machines. Typically, such applications operate on the data following a partition/aggregate paradigm: In the partition phase, a master node partitions a job into sub-tasks that are scheduled on different worker nodes for concurrent execution. Each worker operates on a subset of data and generates partial results locally. In the aggregate phase, the partial results generated by the workers are collected and aggregated by one or more reducer nodes. During the aggregation phase a large number of many-to-few network flows are generated. This traffic pattern is hard to support with traditional infrastructures due to network over-subscription in the core and the limited bandwidth available at the end host. Recently, triggered by the availability of multi-core CPUs at low cost, there has been a renewed interest in software-based routers, which replace the traditional operations of switches and routers with custom software implementations. We argue that the flexibility provided by these implementations should be offered to tenants to implement part of the application logic in the network. We refer to this approach as Network-as-a-Service (NaaS) because it exposes networking as a service to the application to improve network usage and thus mitigate bandwidth scarcity by permitting in-network processing of data.

2013 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM 2013 Poster), Hong Kong, China, August 2013, pp. 519-520.


Discovering Service Dependencies in Mobile Ad Hoc Networks

Petr Novotny, Alexander L. Wolf, and Bong Jun Ko

The combination of service-oriented applications, with their run-time service binding, and mobile ad hoc networks, with their transient communication topologies, brings a new level of complex dynamism to the structure and behavior of software systems. This complexity challenges our ability to understand the dependence relationships among system components when performing analyses such as fault localization and impact analysis. Current methods of dynamic dependence discovery, developed for use in fixed networks, assume that dependencies change slowly. Moreover, they require relatively long monitoring periods as well as substantial memory and communication resources, which are impractical in the mobile ad hoc network environment. We describe a new method, designed specifically for this environment, that allows the engineer to trade accuracy against cost, yielding dynamic snapshots of dependence relationships. We evaluate our method in terms of the accuracy of the discovered dependencies.

IFIP/IEEE International Symposium on Integrated Network Management, Ghent, Belgium, May 2013, pp. 527-533.

A later version appears here.


Fault Localization in MANET-Hosted Service-Based Systems

Petr Novotny, Alexander L. Wolf, and Bong Jun Ko

Fault localization in general refers to a technique for identifying the likely root causes of failures observed in systems formed from components. Fault localization in systems deployed on mobile ad hoc networks (MANETs) is a particularly challenging task because those systems are subject to a wider variety and higher incidence of faults than those deployed in fixed networks, the resources available to track fault symptoms are severely limited, and many of the sources of faults in MANETs are by their nature transient. We present a method for localizing the faults occurring in service-based systems hosted on MANETs. The method is based on the use of dependence data that are discovered dynamically through decentralized observations of service interactions. We employ both Bayesian and timing-based reasoning techniques to analyze the data in the context of a specific fault propagation model, deriving a ranked list of candidate fault locations. We present the results of an extensive set of experiments exploring a wide range of operational conditions to evaluate the accuracy of our method.

31st International Symposium on Reliable Distributed Systems, Irvine, California, October 2012, pp. 243-248.
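
The sketch below conveys only the shape of the output, a ranked list of candidate root causes derived from a dependence graph and observed symptoms; the scoring rule here is an invented stand-in for the paper's Bayesian and timing-based reasoning.

    # Rank candidate root causes by how well each would explain the observed
    # failing services through the dependence graph. The scoring formula is
    # an illustrative assumption, not the paper's model.

    deps = {"frontend": ["auth", "catalog"],   # frontend depends on auth, catalog
            "catalog": ["db"], "auth": [], "db": []}

    def affected(root):
        # services whose failure is explained if `root` has failed
        out, changed = {root}, True
        while changed:
            changed = False
            for svc, uses in deps.items():
                if svc not in out and any(u in out for u in uses):
                    out.add(svc); changed = True
        return out

    def rank(symptoms, prior):
        scores = {}
        for cand in deps:
            explained = affected(cand)
            hits = len(symptoms & explained)
            false_alarms = len(explained - symptoms)
            scores[cand] = prior.get(cand, 0.1) * (hits - 0.5 * false_alarms)
        return sorted(scores.items(), key=lambda kv: -kv[1])

    print(rank(symptoms={"frontend", "catalog"}, prior={"db": 0.3}))
    # 'db' ranks first: its failure explains both symptoms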


NaaS: Network-as-a-Service in the Cloud

Paolo Costa, Matteo Migliavacca, Peter Pietzuch, and Alexander L. Wolf

Cloud computing realises the vision of utility computing. Tenants can benefit from on-demand provisioning of computational resources according to a pay-per-use model and can outsource hardware purchases and maintenance. Tenants, however, have only limited visibility and control over network resources and even for simple tasks tenants must resort to inefficient overlay networks. To address these shortcomings, we propose Network-as-a-Service (NaaS), a paradigm that integrates current cloud computing offerings with direct yet secure access to the network infrastructure by tenants. NaaS-enabled tenants can easily deploy custom routing and multicast protocols. Further, by modifying the content of packets on-path, they can efficiently implement advanced network services, such as in-network data aggregation, redundancy elimination and smart caching. We discuss applications that can benefit from NaaS, motivate the functionality required by NaaS, and sketch a possible implementation and programming model that can be supported by current technology. Our initial simulation study suggests that, even with limited processing capability at network switches, NaaS can significantly increase application throughput and reduce network traffic.

2nd USENIX Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services, San Jose, California, April 2012.


A Content-Based Publish/Subscribe Matching Algorithm for 2D Spatial Objects

Athanasios Konstantinidis, Antonio Carzaniga, and Alexander L. Wolf

An important concern in the design of a publish/subscribe system is its expressiveness, which is the ability to represent various types of information in publications and to precisely select information of interest through subscriptions. We present an enhancement to existing content-based publish/subscribe systems with support for a 2D spatial data type and eight associated relational operators, including those to reveal overlap, containment, touching, and disjointedness between regions of irregular shape. We describe an algorithm for evaluating spatial relations that is founded on a new dynamic discretization method and region-intersection model. In order to make the data type practical for large-scale applications, we provide an indexing structure for accessing spatial constraints and develop a simplification method for eliminating redundant constraints. Finally, we present the results of experiments evaluating the effectiveness and scalability of our approach.

ACM/IFIP/USENIX 12th International Middleware Conference, Lisbon, Portugal, December 2011, Lecture Notes in Computer Science 7049, Springer-Verlag, pp. 208-227.
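
To illustrate the discretization idea, the toy Python sketch below approximates each irregular region by the grid cells it covers and decides overlap, containment, and disjointedness with set operations; the paper's discretization is dynamic and its region-intersection model is more precise than this fixed grid.

    # Approximate regions by covered grid cells; spatial relations then
    # reduce to set operations on the cell sets.

    def cells(region, step=1.0):
        # `region` is a predicate on (x, y); sample a fixed 20x20 grid
        covered = set()
        for i in range(20):
            for j in range(20):
                if region(i * step, j * step):
                    covered.add((i, j))
        return covered

    circle = cells(lambda x, y: (x - 5) ** 2 + (y - 5) ** 2 <= 9)
    square = cells(lambda x, y: 3 <= x <= 7 and 3 <= y <= 7)

    print("overlap: ", bool(circle & square))
    print("contains:", circle <= square)       # circle inside square?
    print("disjoint:", not (circle & square))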


A Process for Documenting Variability Design Rationale of Flexible and Adaptive PLAs

Jessica Diaz, Jennifer Perez, Juan Garbajosa, and Alexander L. Wolf

Variability is a means for evolving component-based architectures, driving flexible and adaptive architectures. In recent years, researchers have emphasized the need for documenting architectural knowledge to maintain and evolve software, i.e., the need for documenting not only the design of the solution, but also the decisions driving the design and their rationale. However, few approaches document the architectural knowledge behind variability, known as variability design rationale. This paper presents a process for documenting the variability design rationale of flexible and adaptive architectures alongside their architectural description. The process is supported by the Flexible-PLA and Product-Line Architectural Knowledge metamodels, which define the modeling primitives to completely describe the structure of product-line architectures and to document variability design rationale, respectively. The FPLA tool implements these modeling primitives, supporting the specification of architectural models ready to be used in a model-driven development process. The approach is illustrated with an example.

Second International Workshop on Variability, Adaptation and Dynamism in Software Systems and Services, Hersonissos, Crete, Greece, October 2011, Lecture Notes in Computer Science 7046, Springer-Verlag, pp. 612-621.


Change Impact Analysis in Product-Line Architectures

Jessica Diaz, Jennifer Perez, Juan Garbajosa, and Alexander L. Wolf

Change impact analysis is fundamental in software evolution, since it allows one to determine potential effects upon a system resulting from changing requirements. While prior work has generically considered change impact analysis at architectural level, there is a distinct lack of support for the kinds of architectures used to realize software product lines, so-called product-line architectures (PLAs). In particular, prior approaches do not account for variability, a specific characteristic of software product lines. This paper presents a new technique for change impact analysis that targets product-line architectures. We propose to join a traceability-based algorithm and a rule-based inference engine to effectively traverse modeling artifacts that account for variability. In contrast to prior approaches, our technique supports the mechanisms for (i) specifying variability in PLAs, (ii) documenting PLA knowledge, and (iii) tracing variability between requirements and PLAs. We demonstrate our technique by applying it to the analysis of requirements changes in the product-line architecture of a banking system.

5th European Conference on Software Architecture, Essen, Germany, September 2011, Lecture Notes in Computer Science 6903, Springer-Verlag, pp. 114-129.
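
A minimal sketch of the traceability-traversal half of the technique, assuming an invented trace-link graph that routes impact through a variation point; the rule-based inference engine that the paper layers on top is omitted.

    # Follow trace links from a changed requirement to collect potentially
    # impacted architectural elements. Graph and element names are invented.
    from collections import deque

    trace = {
        "REQ-12": ["VP-payment"],            # requirement realised by a variation point
        "VP-payment": ["variant-card", "variant-transfer"],
        "variant-card": ["comp-CardGateway"],
        "variant-transfer": ["comp-BankLink"],
    }

    def impact_set(changed):
        seen, queue = set(), deque([changed])
        while queue:
            node = queue.popleft()
            for succ in trace.get(node, []):
                if succ not in seen:
                    seen.add(succ)
                    queue.append(succ)
        return seen

    print(impact_set("REQ-12"))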


Content-Based Publish/Subscribe Networking and Information-Centric Networking

Antonio Carzaniga, Michele Papalini, and Alexander L. Wolf

On-line information comes in different forms and is accessed in different ways and for different purposes. For example, a recording of Beethoven’s Ninth Symphony differs from a storm warning from the local weather service. Beethoven’s Ninth is a large media file with perpetual validity that is typically accessed on demand by users. By contrast, a storm warning is a small ephemeral message typically pushed by the weather service to all users in a specific geographic area. We argue that both should and would be well supported by an information-centric network. More specifically we argue three points. First, modern applications, reflecting the nature of human communications, use and transmit large and long-lived files as well as small ephemeral messages. Second, accessing those two types of information involves significantly different operations within the network. Third, despite their differences, both types of information would benefit from an addressing scheme based on content rather than on more or less flat identifiers, which means that both should be integrated to some extent within a unified content-based routing infrastructure.

ACM SIGCOMM Workshop on Information-Centric Networking, Toronto, Canada, August 2011, pp. 81-86.


Multiplicity Computing: A Vision of Software Engineering for Next-Generation Computing Platform Applications

Cristian Cadar, Peter Pietzuch, and Alexander L. Wolf

New technologies have recently emerged to challenge the very nature of computing: multicore processors, virtualized operating systems and networks, and data-center clouds. One can view these technologies as forming levels within a new, global computing platform. We aim to open a new area of research, called multiplicity computing, that takes a radically different approach to the engineering of applications for this platform. Unlike other efforts, which are largely focused on innovations within specific levels, multiplicity computing embraces the platform as a virtually unlimited space of essentially redundant resources. This space is formed as a whole from the cross product of resources available at each level in the platform, offering a "multiplicity" of end-to-end resources. We seek to discover fundamentally new ways of exploiting the combinatorial multiplicity of computational, communication, and storage resources to obtain scalable applications exhibiting improved quality, dependability, and security that are both predictable and measurable.

FSE/SDP Workshop on the Future of Software Engineering Research, Santa Fe, New Mexico, November 2010, pp. 81-86.


Toward Deeply Adaptive Societies of Digital Systems

Antonio Carzaniga, Giovanni Denaro, Mauro Pezze, Jacky Estublier, and Alexander L. Wolf

Modern societies are pervaded by computerized, heterogeneous devices designed for specific purposes, but also more and more often capable of interacting with other devices for entirely different purposes. For example, a cell phone could be used to purchase a train ticket on-line that could later be printed by a vending machine at the train station. This type of open environment is what we call a society of digital systems. In this paper, we outline the characteristics of societies of digital systems, and argue that they call for a new approach to cope with unforeseen interactions, possible incompatibilities, failures, and emergent behaviors. We argue that designers cannot assume a closed or homogeneous world, and must instead naturally accommodate dynamic adaptations. Furthermore, self-adaptability, that is, the ability to adapt autonomically to a changing environment, also poses problems, as different adaptation strategies may interfere negatively, leading to unstable behaviors. As an initial concrete contribution to solve this problem, we propose a method to support the graceful integration of devices and software systems in an open environment. The method uses management information, and is specifically centered on the idea of expressing self-adaptation operations as change sets over the management information base.

31st International Conference on Software Engineering (ICSE '09) New Ideas and Emerging Results Track, Vancouver, Canada, May 2009, pp. 331-334.


Evaluating Test Suites and Adequacy Criteria Using Simulation-Based Models of Distributed Systems

Matthew J. Rutherford, Antonio Carzaniga, and Alexander L. Wolf

Test adequacy criteria provide the engineer with guidance on how to populate test suites. While adequacy criteria have long been a focus of research, existing testing methods do not address many of the fundamental characteristics of distributed systems, such as distribution topology, communication failure, and timing. Furthermore, they do not provide the engineer with a means to evaluate the relative effectiveness of different criteria, nor the relative effectiveness of adequate test suites satisfying a given criterion. This paper makes three contributions to the development and use of test adequacy criteria for distributed systems: (1) a testing method based on discrete-event simulations; (2) a fault-based analysis technique for evaluating test suites and adequacy criteria; and (3) a series of case studies that validate the method and technique. The testing method uses a discrete-event simulation as an operational specification of a system, in which the behavioral effects of distribution are explicitly represented. Adequacy criteria and test cases are then defined in terms of this simulation-based specification. The fault-based analysis involves mutation of the simulation-based specification to provide a foil against which test suites and the criteria that formed them can be evaluated. Three distributed systems were used to validate the method and technique, including DNS, the Domain Name System.

IEEE Transactions on Software Engineering, vol. 34, no. 4, July/August 2008, pp. 452-470.
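
The following compact Python sketch illustrates the method's two ingredients on a deliberately trivial "system": a discrete-event simulation acting as the operational specification, and a mutant of it used as a foil to judge whether a test suite can tell the two apart. Everything here (the latency parameter, the tests) is invented for illustration.

    # A one-hop message-delivery simulation serves as the specification;
    # a seeded-fault mutant is "killed" if some test in the suite observes
    # different behaviour from the original.
    import heapq

    def simulate(latency, sends):
        # returns (delivery time, message) pairs via a trivial event queue
        events = [(t + latency, msg) for t, msg in sends]
        heapq.heapify(events)
        return [heapq.heappop(events) for _ in range(len(events))]

    original = lambda sends: simulate(latency=2.0, sends=sends)
    mutant = lambda sends: simulate(latency=5.0, sends=sends)   # seeded fault

    # a test case is a workload plus an assertion over the observed deliveries
    def test_delivery_order(spec):
        out = spec([(0.0, "a"), (1.0, "b")])
        return [m for _, m in out] == ["a", "b"]

    def test_deadline(spec):
        out = spec([(0.0, "a")])
        return out[0][0] <= 3.0            # message must arrive within 3s

    suite = [test_delivery_order, test_deadline]
    killed = any(t(original) != t(mutant) for t in suite)
    print("mutant killed:", killed)        # True: test_deadline detects it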


Four Enhancements to Automated Distributed System Experimentation Methods

Yanyan Wang, Antonio Carzaniga, and Alexander L. Wolf

Experimentation is an essential tool employed by the developers of software systems, especially distributed systems. In prior work we developed a model-driven framework for automating various experimentation tasks, such as workload generation, and demonstrated that it gives the engineer a cost-effective means to conduct large-scale experiments on distributed testbeds. We have enhanced the methods underlying the framework in four significant ways: (1) increasing the expressiveness of workloads by allowing for conditional and reactive behaviors; (2) supporting the repeatability of experiments through the creation of environment workloads that can control the operational context; (3) enabling the composability of application and environment workloads to obtain a broader class of experiments; and (4) extending the scope of experiment management to include control over multiple runs. We use the enhancements to conduct a series of interesting new experiments. Specifically, the enhancements allow us to manipulate a fixed-wired testbed so that it simulates a mobile-wireless environment, and to selectively and maliciously inject faults into a system.

30th International Conference on Software Engineering (ICSE '08), Leipzig, Germany, May 2008, pp. 491-500.


Determining the Impact of Software Engineering Research on Practice

Leon J. Osterweil, Carlo Ghezzi, Jeff Kramer, and Alexander L. Wolf

The Impact Project provides a solid and scholarly assessment of the impact software engineering research has had on software engineering practice. The assessment takes the form of a series of studies and briefings, each involving literature searches and, where possible, personal interviews.

Computer, vol. 41, no. 3, March 2008, pp. 39-49.


Frame Shared Memory: Line-Rate Networking on Commodity Hardware

John Giacomoni, John K. Bennett, Antonio Carzaniga, Douglas C. Sicker, Manish Vachharajani, and Alexander L. Wolf

Network processors provide an economical programmable platform to handle the high throughput and frame rates of modern and next-generation communication systems. However, these platforms have exchanged general-purpose capabilities for performance.

This paper presents an alternative: a software network processor (Soft-NP) framework using commodity general-purpose platforms capable of high-rate, high-throughput sequential frame processing compatible with high-level languages and general-purpose operating systems. A cache-optimized concurrent lock-free queue provides the necessary low-overhead core-to-core communication for sustained sequential frame processing beyond the realized 1.41 million frames per second (Gigabit Ethernet), while permitting per-frame processing time expansion with pipeline parallelism.

3rd ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS '07), Orlando, Florida, December 2007, pp. 27-36.
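
The core data structure can be illustrated as follows: a single-producer/single-consumer ring buffer in which the producer writes only the head index and the consumer only the tail, so the two need no lock between them. In the paper this lives in shared memory between cores, in a systems language with careful cache-line placement and memory ordering; the Python below shows only the index arithmetic.

    # Single-producer/single-consumer ring buffer: the producer mutates only
    # `head`, the consumer only `tail`.

    class SPSCQueue:
        def __init__(self, capacity):
            self.buf = [None] * capacity
            self.capacity = capacity
            self.head = 0      # written only by the producer
            self.tail = 0      # written only by the consumer

        def enqueue(self, frame):
            if self.head - self.tail == self.capacity:
                return False                     # full
            self.buf[self.head % self.capacity] = frame
            self.head += 1                       # publish after the write
            return True

        def dequeue(self):
            if self.tail == self.head:
                return None                      # empty
            frame = self.buf[self.tail % self.capacity]
            self.tail += 1
            return frame

    q = SPSCQueue(4)
    for i in range(5):
        q.enqueue(("frame", i))                  # the 5th enqueue is dropped
    print([q.dequeue() for _ in range(5)])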


Deployment and Dynamic Reconfiguration Planning for Distributed Software Systems

Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf

The quality of a software system is determined in part by its configuration; an optimal configuration is desired both when the software is first deployed and throughout its lifetime. However, initial deployment and subsequent dynamic reconfiguration of a software system is difficult because of the interplay of many interdependent factors, including cost, time, application state, and system resources. As the size and complexity of software systems increases, procedures (manual or automated) that assume a static software architecture and environment are becoming untenable. We have developed a novel technique for carrying out the deployment and reconfiguration planning processes that leverages recent advances in the field of temporal planning. We describe a tool called Planit, which manages the deployment and reconfiguration of a software system utilizing a temporal planner. Given a model of the structure of a software system, the network upon which the system should be hosted, and a goal configuration, Planit will use the temporal planner to devise possible deployments of the system. Given information about changes in the state of the system, network and a revised goal, Planit will use the temporal planner to devise possible reconfigurations of the system. We present the results of a case study in which Planit is applied to a system consisting of various components that communicate across an application-level overlay network.

Software Quality Journal, vol. 15, no. 3, September 2007, pp. 265-281.


Simulation-Based Test Adequacy Criteria for Distributed Systems

Matthew J. Rutherford, Antonio Carzaniga, and Alexander L. Wolf

Developers of distributed systems routinely construct discrete-event simulations to help understand and evaluate the behavior of inter-component protocols. Simulations are abstract models of systems and their environments, capturing basic algorithmic functionality at the same time as they focus attention on properties critical to distribution, including topology, timing, bandwidth, and overall scalability. We claim that simulations can be treated as a form of specification, and thereby used within a specification-based testing regime to provide developers with a rich new basis for defining and applying system-level test adequacy criteria. We describe a framework for evaluating distributed system test adequacy criteria, and demonstrate our approach on simulations and implementations of three distributed systems, including DNS, the Domain Name System.

14th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE-14), Portland, Oregon, November 2006, pp. 231-241.

A later version appears here.


Understanding Content-Based Routing Schemes

Antonio Carzaniga, Aubrey J. Rembert, and Alexander L. Wolf

Content-based networking is a message-oriented communication service in which a message is delivered to all destinations that have declared a selection predicate matching the content of that message. Analogous to that of a traditional address-based network, a routing scheme in a content-based network defines the router-local matching, forwarding, and header functions that collectively realize the delivery function. Several such routing schemes have been proposed in the literature, but they have been evaluated only qualitatively or in simulation. In this paper we abstract from those previous results in an effort to place them in a general theoretical framework. This framework allows us to rigorously define notions of correctness, minimality, and complexity. In particular, we prove the correctness and characterize the complexity of two existing content-based routing schemes, propose a new latency-minimal scheme, and provide the results of a Monte Carlo simulation that serves as the basis for estimating the space requirements of any given scheme.

Technical Report USI-INF-2006-05, Faculty of Informatics, University of Lugano, Lugano, Switzerland, September 2006.
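
A sketch of the router-local matching function under the usual content-based model (a message is a set of attributes; a selection predicate is a disjunction of filters, each a conjunction of attribute constraints); the table contents below are invented.

    # Router-local matching: forward a message on every interface whose
    # predicate has at least one filter whose constraints all match.

    def matches(msg, constraint):
        attr, op, value = constraint
        if attr not in msg:
            return False
        ops = {"=": lambda a, b: a == b,
               ">": lambda a, b: a > b,
               "<": lambda a, b: a < b}
        return ops[op](msg[attr], value)

    def match_predicate(msg, predicate):          # predicate: list of filters
        return any(all(matches(msg, c) for c in f) for f in predicate)

    fib = {"if0": [[("class", "=", "alert"), ("severity", ">", 3)]],
           "if1": [[("class", "=", "quote")], [("symbol", "=", "XYZ")]]}

    msg = {"class": "alert", "severity": 5}
    print([i for i, p in fib.items() if match_predicate(msg, p)])   # ['if0']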


DV/DRP: A Content-Based Networking Protocol for Sensor Networks

Cyrus Hall, Antonio Carzaniga, and Alexander L. Wolf

An ideal sensor network would minimize communication by routing information only to those nodes requiring the information. We are exploring the use of a content-based network for this purpose, where messages containing sensor readings and associated metadata are relayed from source nodes to destination nodes based solely on the fact that the destination nodes have expressed interest in specific message content. This paper contributes a concrete protocol, called DV/DRP, that implements content-based networking for wireless sensor networks or other similarly constrained network configurations. DV/DRP augments a basic distance vector protocol to construct both primary and alternate routes. DV/DRP also features a new content-based forwarding technique called dynamic receiver partitioning. DV/DRP makes minimal assumptions on the underlying MAC layer. Notably, it uses only a primitive local broadcast, does not require reliability of the link layer nor the use of acknowledgments, and explicitly handles asymmetric links. We present simulations showing that the protocol scales to large networks while minimizing the resource consumption of individual nodes. We also show that the protocol is robust with respect to transient and permanent node failures, as well as asymmetries in wireless links. Finally, to demonstrate that DV/DRP is suitable for memory-constrained sensor networks, we discuss a preliminary implementation.

Technical Report USI-INF-2006-04, Faculty of Informatics, University of Lugano, Lugano, Switzerland, September 2006.
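
The distance-vector substrate can be illustrated centrally as follows, keeping for each node both a primary and an alternate next hop toward a source, as DV/DRP does to survive failures; the actual protocol computes this with local exchanges and adds dynamic receiver partitioning, which is not shown.

    # Bellman-Ford over a small graph; each node records its best and
    # second-best neighbour toward the source.
    links = {("a", "b"): 1, ("b", "c"): 1, ("a", "c"): 3,
             ("c", "d"): 1, ("b", "d"): 3}
    nodes = {n for e in links for n in e}

    def nbrs(u):
        for (x, y), w in links.items():
            if u in (x, y):
                yield (y if u == x else x), w

    def routes_to(src):
        dist = {src: 0}
        for _ in range(len(nodes) - 1):          # Bellman-Ford relaxation
            for u in list(dist):
                for v, w in nbrs(u):
                    if dist[u] + w < dist.get(v, float("inf")):
                        dist[v] = dist[u] + w
        table = {}
        for u in nodes - {src}:
            # rank neighbours by their total cost to src: best is the
            # primary next hop, next-best distinct neighbour the alternate
            ranked = sorted((dist[v] + w, v) for v, w in nbrs(u))
            table[u] = (ranked[0][1], ranked[1][1] if len(ranked) > 1 else None)
        return table

    print(routes_to("a"))   # node -> (primary next hop, alternate next hop)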


On Relating Functional Specifications to Architectural Specifications: A Case Study

Flavio Corradini, Paola Inverardi, and Alexander L. Wolf

Software architecture specifications are predominantly concerned with describing the component structure of systems and how the components interact behaviorally. They are increasingly part of standardized software development processes because they represent a system abstraction in which design choices relevant to the correctness of the final system are taken. Therefore, much of software architecture research has concentrated on specification and analysis, whereas little attention has been paid to formally relating architectural specifications to higher levels of specification, such as the system requirements. In this paper we present our progress toward addressing an instance of this problem, namely relating state-based software architecture specifications to high-level functional specifications. Our approach is to use an intermediate specification given in terms of a set of temporal logic properties to bridge the gap between the two levels of specifications. We describe our approach in the context of a particular case study, the AEGIS GeoServer Simulation Testbed system, showing how a compact functional specification of a critical behavioral property of the system can be used to validate three alternative architectural specifications of that system.

Science of Computer Programming, vol. 59, no. 3, February 2006, pp. 171-208.


Automating Experimentation on Distributed Testbeds

Yanyan Wang, Matthew J. Rutherford, Antonio Carzaniga, and Alexander L. Wolf

Engineering distributed systems is a challenging activity. This is partly due to the intrinsic complexity of distributed systems, and partly due to the practical obstacles that developers face when evaluating and tuning their design and implementation decisions. This paper addresses the latter aspect, providing techniques for software engineers to automate the experimentation activity. Our approach is founded on a suite of models that characterize the distributed system under experimentation, the testbeds upon which the experiments are to be carried out, and the client behaviors that drive the experiments. The models are used by generative techniques to automate construction of the workloads, as well as construction of the scripts for deploying and executing the experiments on distributed testbeds. The framework is not targeted at a specific system or application model, but rather is a generic, programmable tool. We have validated our approach by performing experiments on a variety of distributed systems. For two of these systems, the experiments were deployed and executed on the PlanetLab wide-area testbed. Our experience shows that this framework can be readily applied to different kinds of distributed system architectures, and that using it for meaningful experimentation, especially in large-scale network environments, is advantageous.

20th IEEE/ACM International Conference on Automated Software Engineering (ASE '05), Long Beach, California, November 2005, pp. 164-173.


Editorial: Introduction to Impact Project Papers

Leon J. Osterweil, Carlo Ghezzi, Jeff Kramer, and Alexander L. Wolf

This issue of the ACM Transactions on Software Engineering and Methodology contains two papers produced under the auspices of the Impact Project. The Impact Project is a special initiative of the Association for Computing Machinery (ACM) Special Interest Group in Software Engineering (SIGSOFT). It is funded in part by the US National Science Foundation (NSF), the UK Institution of Electrical Engineers (IEE), and the Japan Electronics and Information Technology Industries Association (JEITA).

The project's goal is to determine the impact of software engineering research upon software engineering practice. This is being pursued by identifying and documenting research contributions that have had substantial impact, determining the research modalities that have been relatively more successful, identifying technology transition approaches that have worked best, and anticipating directions that software engineering research might most effectively pursue, based on its history and positioning. In doing so, the project is also providing case studies of how a scientific community works, and what approaches both hamper and improve its effectiveness.

ACM Transactions on Software Engineering and Methodology, vol. 14, no. 4, October 2005, pp. 381-382.


Dealing with Failures During Failure Recovery of Distributed Systems

Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf

One of the characteristics of autonomic systems is self-recovery from failures. Self-recovery can be achieved through sensing failures, planning for recovery, and executing the recovery plan to bring the system back to a normal state. For various reasons, however, additional failures are possible during the process of recovering from the initial failure. Handling such secondary failures is important because they can cause the original recovery plan to fail and can leave the system in a complicated state that is worse than before. In this paper techniques are identified to preserve consistency while dealing with such failures that occur during failure recovery.

2005 Workshop on Design and Evolution of Autonomic Application Software (DEAS '05), St. Louis, Missouri, May 2005, pp. 9-14.


Distributed-System Failures: Observations and Implications for Testing

Matthew J. Rutherford, Antonio Carzaniga, and Alexander L. Wolf

Distributed software systems are notoriously difficult to test. As in all software testing, the space of potential test cases for distributed systems is intractably large and so the efforts of testers must be directed to the scenarios that are most important. Unfortunately, there does not currently exist a general-purpose, disciplined, and effective testing method for distributed systems. In this paper we present an empirical study of failures experienced by the users of seven open-source distributed systems. The goal of the study is to understand the extent to which there are patterns, commonalities, and correlations in the failure scenarios, such that one could define an improved testing method for distributed systems. Our results indicate that: a new generation of test-adequacy criteria are needed to address the failures that are due to distribution; the configurations that cause user-reported failures are reasonably straightforward to identify; and generic failure observations (i.e., those for which reusable techniques can be developed) are strongly correlated to the distributed nature of system failures. The latter two results in particular imply that there is a reasonable bound on the effort required to organize the testing activity. Overall, the study gives us some early confidence that it is feasible to consider a testing method that targets distributed systems. The results of this study are offered as a basis for future work on the definition of such a method.

Technical Report CU-CS-994-05, Department of Computer Science, University of Colorado, Boulder, Colorado, April 2005.


A Planning Based Approach to Failure Recovery in Distributed Systems

Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf

Failure recovery in distributed systems poses a difficult challenge because of the requirement for high availability. Failure scenarios are usually unpredictable and cannot easily be foreseen. In this research we propose a planning-based approach to failure recovery. This approach automates failure recovery by capturing the state after failure, defining an acceptable recovered state as a goal and applying planning to get from the initial state to the goal state. By using planning, this approach can recover from a variety of failed states and reach any of several acceptable states: from minimal functionality to complete recovery.

2004 Workshop on Self-Managed Systems (WOSS '04), Newport Beach, California, October 2004, pp. 8-12.
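
A minimal sketch of the idea, assuming a classical STRIPS-like encoding: system states are sets of facts, recovery actions have preconditions and add/delete effects, and a search (breadth-first here; the paper applies an off-the-shelf planner) finds an action sequence from the failed state to a state satisfying the goal.

    # Toy planner: BFS from the failed state to a goal-satisfying state.
    from collections import deque

    actions = {
        "restart_db": ({"db_down"}, {"db_up"}, {"db_down"}),
        "start_app":  ({"db_up", "app_down"}, {"app_up"}, {"app_down"}),
    }   # name: (preconditions, adds, deletes)

    def plan(state, goal):
        start = frozenset(state)
        queue, seen = deque([(start, [])]), {start}
        while queue:
            s, steps = queue.popleft()
            if goal <= s:
                return steps
            for name, (pre, add, delete) in actions.items():
                if pre <= s:
                    nxt = frozenset((s - delete) | add)
                    if nxt not in seen:
                        seen.add(nxt)
                        queue.append((nxt, steps + [name]))
        return None

    print(plan({"db_down", "app_down"}, goal={"app_up"}))
    # ['restart_db', 'start_app']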


Using Event-Based Parsing to Support Dynamic Protocol Evolution

Nathan D. Ryan and Alexander L. Wolf

All systems built from distributed components involve the use of one or more protocols for inter-component communication. Whether these protocols are based on a broadly used "standard" or are specially designed for a particular application, they are likely to evolve. The goal of the work described here is to contribute techniques that can support protocol evolution. We are concerned not with how or why a protocol might evolve, or even whether that evolution is in some sense correct. Rather, our concern is with making it possible for applications to accommodate protocol changes dynamically. Our approach is based on a method for isolating the syntactic details of a protocol from the semantic concepts manipulated within components. Protocol syntax is formally specified in terms of tokens, message structures, and message sequences. Event-based translation techniques are used in a novel way to present to the application the semantic concepts embodied by these syntactic elements. We illustrate our approach by showing how it would support an HTTP 1.1 client interacting with an HTTP 1.0 server.

26th International Conference on Software Engineering, Edinburgh, Scotland, May 2004, pp. 408-417.
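
The separation the paper advocates can be sketched as a tokenizer that emits events to a semantic handler, so the component consumes concepts rather than wire syntax, and a protocol revision is accommodated by swapping the parser. The toy grammar below is an HTTP-like status block, invented for illustration.

    # Event-based parsing: the parser knows the syntax, the component sees
    # only semantic events.

    def parse(raw, handler):
        status, *headers = raw.strip().split("\r\n")
        version, code, _ = status.split(" ", 2)
        handler("status", {"version": version, "code": int(code)})
        for line in headers:
            name, value = line.split(": ", 1)
            handler("header", {"name": name.lower(), "value": value})
        handler("end", {})

    def component(event, data):          # consumes concepts, not syntax
        if event == "status":
            print("response code:", data["code"])
        elif event == "header" and data["name"] == "content-length":
            print("body length:", int(data["value"]))

    parse("HTTP/1.1 200 OK\r\nContent-Length: 42\r\nHost: example.org",
          component)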


Discovering Models of Behavior for Concurrent Workflows

Jonathan E. Cook, Zhidian Du, Chongbing Liu, and Alexander L. Wolf

Understanding the dynamic behavior of a workflow is crucial for being able to modify, maintain, and improve it. A particularly difficult aspect of some behavior is concurrency. Automated techniques that seek to mine workflow data logs to discover information about the workflows must be able to handle the concurrency that manifests itself in the workflow executions. This paper presents techniques to discover patterns of concurrent behavior from traces of workflow events. The techniques are based on a probabilistic analysis of the event traces. Using metrics for the number, frequency, and regularity of event occurrences, a determination is made of the likely concurrent behavior being manifested by the system. Discovering this behavior can help a workflow designer better understand and improve the work processes they are managing.

Computers in Industry, no. 53, April 2004, pp. 297-319.
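
The core inference can be sketched as follows: if, across many traces, event A precedes event B about as often as B precedes A, the pair is plausibly concurrent, whereas a strongly one-sided ordering suggests sequencing. The threshold below is an assumption; the paper's metrics (number, frequency, regularity) are richer.

    # Classify event pairs as concurrent or ordered from trace statistics.
    # Assumes, for brevity, that each event occurs exactly once per trace.
    from itertools import combinations

    traces = [["a", "b", "c"], ["b", "a", "c"],
              ["a", "b", "c"], ["b", "a", "c"]]

    def classify(traces, threshold=0.3):
        events = sorted({e for t in traces for e in t})
        verdicts = {}
        for x, y in combinations(events, 2):
            x_first = sum(t.index(x) < t.index(y) for t in traces)
            ratio = x_first / len(traces)
            if threshold < ratio < 1 - threshold:
                verdicts[(x, y)] = "concurrent"
            elif ratio > 0.5:
                verdicts[(x, y)] = f"{x} before {y}"
            else:
                verdicts[(x, y)] = f"{y} before {x}"
        return verdicts

    print(classify(traces))
    # {('a','b'): 'concurrent', ('a','c'): 'a before c', ('b','c'): 'b before c'}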


A Routing Scheme for Content-Based Networking

Antonio Carzaniga, Matthew J. Rutherford, and Alexander L. Wolf

This paper proposes a routing scheme for content-based networking. A content-based network is a communication network that features a new advanced communication model where messages are not given explicit destination addresses, and where the destinations of a message are determined by matching the content of the message against selection predicates declared by nodes. Routing in a content-based network amounts to propagating predicates and the necessary topological information in order to maintain loop-free and possibly minimal forwarding paths for messages. The routing scheme we propose uses a combination of a traditional broadcast protocol and a content-based routing protocol. We present the combined scheme and its requirements over the broadcast protocol. We then detail the content-based routing protocol, highlighting a set of optimization heuristics. We also present the results of our evaluation, showing that this routing scheme is effective and scalable.

2004 IEEE Conference on Computer Communications, Hong Kong, China, March 2004, pp. 918-928.


Event-Based Document Sensing for Insider Threats

Kenneth Anderson, Antonio Carzaniga, Dennis Heimbigner, and Alexander L. Wolf

In this report we describe a uniquely decentralized event-based system for online and offline tracking, analysis, and control of electronic document transactions in order to detect suspected insider misuse of those documents. Our system is focused on the problem of tracking and analyzing users' actions with respect to documents. On the user side, the proposed system will support the placing of document sensors into a heterogeneous collection of document editors (e.g., Microsoft Office) and browsers, including Web browsers. The system will provide a low entry barrier with respect to integrating new user-side tools. On the administrative side, the proposed system will support a dynamically changing set of online and offline analysis and control programs capable of providing such diverse capabilities as visualization, persistence, forensics, access control validation, and slicing of document access patterns based on, for example, user, document, transaction type, or time-line. The system as a whole will be portable, which we will demonstrate by providing integration of tools under both Linux and Windows.

Technical Report CU-CS-968-04, Department of Computer Science, University of Colorado, Boulder, Colorado, February 2004.


Design and Evaluation of a Support Service for Mobile, Wireless Publish/Subscribe Applications

Mauro Caporuscio, Antonio Carzaniga, and Alexander L. Wolf

This paper presents the design and evaluation of a support service for mobile, wireless clients of a distributed publish/subscribe system. A distributed publish/subscribe system is a networked communication infrastructure where messages are published by senders and then delivered to the receivers whose subscriptions match the messages. Communication therefore does not involve the use of explicit addresses, but rather emerges from the dynamic arrangement of publishers and subscribers. Such a communication mechanism is an ideal platform for a variety of internet applications, including multi-party messaging, personal information management, information sharing, on-line news distribution, service discovery, and electronic auctions. Our goal is to support such applications on mobile, wireless host devices in such a way that the applications can, if they choose, be oblivious to the mobility and intermittent connectivity of their hosts as they move from one publish/subscribe access point to another. In this paper we describe a generic, value-added service that can be used in conjunction with publish/subscribe systems to achieve these goals. We detail the implementation of the service and present the results of our evaluation of the service in both wireline and emulated wireless environments.
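
The heart of such a value-added service can be pictured with a small Java sketch (class and method names are ours, not the paper's): a proxy stays subscribed on the client's behalf, queues notifications while the mobile host is detached, and flushes them when the host reattaches, possibly at a different access point.

    import java.util.*;

    // Sketch of a mobility proxy: notifications arriving while the client is
    // detached are held and delivered, in order, upon reattachment.
    public class MobilityProxy {
        private final Queue<String> pending = new ArrayDeque<>();
        private boolean attached = false;

        void notifyClient(String n) {              // called by the pub/sub system
            if (attached) System.out.println("deliver " + n);
            else pending.add(n);                   // client is moving: hold it
        }

        void reattach() {                          // client reappears
            attached = true;
            while (!pending.isEmpty()) System.out.println("deliver " + pending.poll());
        }

        public static void main(String[] args) {
            MobilityProxy proxy = new MobilityProxy();
            proxy.notifyClient("news/1");          // arrives while detached
            proxy.notifyClient("news/2");
            proxy.reattach();                      // both delivered in order
        }
    }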

IEEE Transactions on Software Engineering, vol. 29, no. 12, December 2003, pp. 1059-1071.


Deployment and Dynamic Reconfiguration Planning for Distributed Software Systems

Naveed Arshad, Dennis Heimbigner, and Alexander L. Wolf

Initial deployment and subsequent dynamic reconfiguration of a software system are difficult because of the interplay of many interdependent factors, including cost, time, application state, and system resources. As the size and complexity of software systems increase, procedures (manual or automated) that assume a static software architecture and environment are becoming untenable. We have developed a novel technique for carrying out the deployment and reconfiguration planning processes that leverages recent advances in the field of temporal planning. We describe a tool called Planit, which manages the deployment and reconfiguration of a software system utilizing a temporal planner. Given a model of the structure of a software system, the network upon which the system should be hosted, and a goal configuration, Planit will use the temporal planner to devise possible deployments of the system. Given information about changes in the state of the system and network, and a revised goal, Planit will use the temporal planner to devise possible reconfigurations of the system. We present the results of a case study in which Planit is applied to a system consisting of various components that communicate across an application-level overlay network.
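
As a much-simplified stand-in for the planning step (Planit itself delegates to a full temporal planner, which also handles durations and resource constraints), the following Java sketch derives a deployment order from component dependencies; the names and data are ours.

    import java.util.*;

    // Toy deployment planning: given "component -> components it depends on"
    // (assumed acyclic), emit an order in which every dependency starts first.
    public class DeployOrder {
        public static void main(String[] args) {
            Map<String,List<String>> deps = Map.of(
                "webapp", List.of("db", "cache"),
                "cache",  List.of(),
                "db",     List.of());
            List<String> plan = new ArrayList<>();
            Set<String> done = new HashSet<>();
            while (done.size() < deps.size())
                for (var e : deps.entrySet())
                    if (!done.contains(e.getKey()) && done.containsAll(e.getValue())) {
                        plan.add(e.getKey());
                        done.add(e.getKey());
                    }
            System.out.println("deployment plan: " + plan); // db, cache before webapp
        }
    }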

15th International Conference on Tools with Artificial Intelligence (ICTAI '03), Sacramento, California, November 2003, pp. 39-46.

A later version appears here.


A Case for Test-Code Generation in Model-Driven Systems

Matthew J. Rutherford and Alexander L. Wolf

A primary goal of generative programming and model-driven development is to raise the level of abstraction at which designers and developers interact with the software systems they are building. During initial development, the benefits of abstraction are clear. However, during testing and maintenance, increased distance from the implementation can be a disadvantage. We view test cases and test harnesses as an essential bridge between the high-level specifications and the implementation. As such, the generation of test cases for fully generated components and test harnesses for partially generated components is of fundamental importance to model-driven systems. In this paper we present our experience with test-case and test-harness generation for a family of model-driven, component-based distributed systems. We describe our development tool, MODEST, and motivate our decision to invest the extra effort needed to generate test code. We present our approach to test-case and test-harness generation and describe the benefits to developers and maintainers of generated systems. Furthermore, we quantify the relative cost of generating test code versus application code and find that the artifact templates for producing test code are simpler than those used for application code. Given the described benefits to developers and maintainers and the relatively low cost of test-code development, we argue that test-code generation should be a fundamental feature of model-driven development efforts.

Second International Conference on Generative Programming and Component Engineering (GPCE '03), Lecture Notes in Computer Science 2830, Springer-Verlag, Berlin, 2003, pp. 377-396.


The Application of Dependence Analysis to Software Architecture Descriptions

Judith A. Stafford, Alexander L. Wolf, and Mauro Caporuscio

As the focus of software design shifts increasingly toward the architectural level, so too do its analysis techniques. Dependence analysis is one such technique that shows promise at this level. In this paper we briefly describe and illustrate the application of dependence analysis to architectural descriptions of software systems.

Formal Methods for Software Architectures: Third International School on Formal Methods for the Design of Computer, Communication and Software Systems, Lecture Notes in Computer Science 2804, Springer-Verlag, Berlin, 2003, pp. 52-62.


Forwarding in a Content-Based Network

Antonio Carzaniga and Alexander L. Wolf

This paper presents an algorithm for content-based forwarding, an essential function in content-based networking. Unlike in traditional address-based unicast or multicast networks, where messages are given explicit destination addresses, the movement of messages through a content-based network is driven by predicates applied to the content of the messages. Forwarding in such a network amounts to evaluating the predicates stored in a router's forwarding table in order to decide to which neighbor routers the message should be sent. We are interested in finding a forwarding algorithm that can make this decision as quickly as possible in situations where there are numerous, complex predicates and high volumes of messages. We present such an algorithm and give the results of studies evaluating its performance.
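
A rough Java rendering of the forwarding function itself (a linear scan; the paper's contribution is computing the same decision quickly when there are very many predicates):

    import java.util.*;
    import java.util.function.Predicate;

    // Sketch: a forwarding table maps each neighbor interface to a predicate
    // over message content; the message goes out on every matching interface.
    public class ContentForwarding {
        public static void main(String[] args) {
            Map<String,Object> msg = Map.of("class", "alert", "severity", 7);
            Map<String,Predicate<Map<String,Object>>> table = Map.of(
                "if0", m -> "alert".equals(m.get("class")),
                "if1", m -> m.get("severity") instanceof Integer s && s > 8,
                "if2", m -> true);  // a neighbor subscribed to everything
            table.forEach((iface, pred) -> {
                if (pred.test(msg)) System.out.println("forward on " + iface);
            });
        }
    }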

2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, Karlsruhe, Germany, August 2003, pp. 163-174.


A Lightweight Infrastructure for Reconfiguring Applications

Marco Castaldi, Antonio Carzaniga, Paola Inverardi, and Alexander L. Wolf

We describe Lira, a lightweight infrastructure for managing dynamic reconfiguration that applies and extends the concepts of network management to component-based, distributed software systems. Lira is designed to perform both component-level reconfigurations and scalable application-level reconfigurations, the former through agents associated with individual components and the latter through a hierarchy of managers. Agents are programmed on a component-by-component basis to respond to reconfiguration requests appropriate for that component. Managers embody the logic for monitoring the state of one or more components, and for determining when and how to execute reconfiguration activities. A simple protocol based on SNMP is used for communication among managers and agents.
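
The division of labor can be suggested with a small Java sketch (a hypothetical interface, much simpler than Lira's): an agent exports named status variables and a few reconfiguration actions; a manager polls the variables and decides when to invoke an action, much as in SNMP-style network management.

    import java.util.*;

    // Sketch of an agent: get() reads a status variable, invoke() performs a
    // component-specific reconfiguration action requested by a manager.
    public class ReconfigurationAgent {
        private final Map<String,String> vars = new HashMap<>(Map.of("status", "RUNNING"));

        String get(String name) { return vars.get(name); }

        void invoke(String action) {                 // e.g. "restart"
            if (action.equals("restart")) vars.put("status", "RESTARTING");
        }

        public static void main(String[] args) {
            ReconfigurationAgent agent = new ReconfigurationAgent();
            System.out.println("manager reads status = " + agent.get("status"));
            agent.invoke("restart");                 // manager-issued request
            System.out.println("after action, status = " + agent.get("status"));
        }
    }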

11th International Workshop on Software Configuration Management, Lecture Notes in Computer Science 2649, Springer-Verlag, Berlin, 2003, pp. 231-244.


Software Release Management for Component-Based Software

André van der Hoek and Alexander L. Wolf

Software release management is the process through which software is made available to and obtained by its users. Until now, this process has been relatively straightforward. However, the emergence of component-based software is complicating software release management. Increasingly, software is constructed via the assembly of pre-existing, independently produced, and independently released components. Both developers and users of such software are affected by these complications. Developers need to accurately document the complex and changing dependencies among the components constituting the software. Users must be involved in locating, retrieving, and assembling components in order to appropriately bring the software into their particular environment. In this paper, we introduce the problem of release management for component-based software and discuss SRM, a prototype software release management tool we have developed that supports both developers and users in the software release management process.
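
The dependency bookkeeping at the core of the problem can be pictured in a few lines of Java (illustrative only; SRM's metadata is considerably richer): retrieving a component must transitively pull in everything it depends on.

    import java.util.*;

    // Toy release metadata: retrieving one component collects the transitive
    // closure of its dependencies, so the user obtains a complete assembly.
    public class ReleaseClosure {
        static final Map<String,List<String>> DEPENDS = Map.of(
            "editor-2.1",  List.of("gui-lib-1.4", "parser-3.0"),
            "gui-lib-1.4", List.of(),
            "parser-3.0",  List.of("lexer-1.2"),
            "lexer-1.2",   List.of());

        static void collect(String component, Set<String> out) {
            if (out.add(component))
                DEPENDS.getOrDefault(component, List.of()).forEach(d -> collect(d, out));
        }

        public static void main(String[] args) {
            Set<String> toRetrieve = new LinkedHashSet<>();
            collect("editor-2.1", toRetrieve);
            System.out.println("retrieve: " + toRetrieve);
        }
    }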

Software-Practice and Experience, vol. 33, issue 1, January 2003, pp. 77-98.


Content-Based Networking: A New Communication Infrastructure

Antonio Carzaniga and Alexander L. Wolf

We argue that the needs of many classes of modern applications, especially those targeted at mobile or wireless computing, demand the services of content-based publish/subscribe middleware, and that this middleware in turn demands a new kind of communication infrastructure for its proper implementation. We refer to this new communication infrastructure as content-based networking. The service model of this network must directly support the interface of an advanced content-based publish/subscribe middleware service. At the same time, the implementation must be architected as a true distributed network, providing appropriate guarantees of reliability, security, and performance. We do not propose content-based networking as a replacement for IP, nor do we advocate an implementation of a publish/subscribe middleware at the network level (i.e., within routers). Instead, we argue that content-based networking must be designed according to established networking principles and techniques. To this end, in this paper, we formulate the foundational concepts of content-based networking, and relate them to the corresponding concepts in traditional networking. We also briefly review our experience with content-based publish/subscribe middleware and suggest some open research problems in the area of content-based networking.

NSF Workshop on an Infrastructure for Mobile and Wireless Systems, Lecture Notes in Computer Science 2538, Springer-Verlag, Berlin, 2002, pp. 59-68.


Research Direction for Developing an Infrastructure for Mobile & Wireless Systems

Birgitta Konig-Ries, Kia Makki, S.A.M. Makki, Charles E. Perkins, Niki Pissinou, Peter Reiher, Peter Scheuermann, Jari Veijalainen, Alexander Wolf, and Ouri Wolfson

The recent NSF Workshop on Infrastructure for Mobile and Wireless Systems, held on October 15, 2001, in Phoenix, had as its goal the definition and establishment of a common infrastructure for the discipline of mobile wireless networking. This consensus-based paper is the outcome of that workshop. The paper provides a foundation for implementation, standardization, and further research and discussion on the issues of what should constitute such an infrastructure. Workshop participants came from many different wireless communities, including those of communications, operating systems, core networking, mobility, databases, and middleware. The workshop presented various research directions in the field and included substantial discussion on the role of an infrastructure for wireless mobile networking and the desirable components of such an infrastructure.

NSF Workshop on an Infrastructure for Mobile and Wireless Systems, Lecture Notes in Computer Science 2538, Springer-Verlag, Berlin, 2002, pp. 1-37.


An Experience in Evaluating Publish/Subscribe Services in a Wireless Network

Mauro Caporuscio, Antonio Carzaniga, and Alexander L. Wolf

As wireless technology becomes more available, developers of distributed applications are becoming more interested in how that technology affects the performance of their systems. We have developed a distributed publish/subscribe communication service, initially hosted on a standard wired IP network infrastructure, that we would now like to rehost onto a GPRS wireless network. This paper reports on our experience in attempting to evaluate the performance of the service using an available emulation environment. Our conclusion to date is that current tools do not model the wireless network at an appropriate level of abstraction. In particular, they do not allow us to study the integration of individual publish/subscribe service-layer elements with GPRS network-layer elements, nor do they allow us to study multiple GPRS clients interacting over the network. Instead we were limited to results related to the interaction between an individual GPRS client and the GPRS network modeled as a monolith.

3rd International Workshop on Software and Performance, Rome, Italy, July 2002, pp. 128-133.


Reconfiguration in the Enterprise JavaBean Component Model

Matthew J. Rutherford, Kenneth Anderson, Antonio Carzaniga, Dennis Heimbigner, and Alexander L. Wolf

Reconfiguration is the process of applying planned changes to the communication, interconnection, componentization, or functionality of a deployed system. It is a powerful tool for achieving a variety of desirable properties of large-scale, distributed systems, including evolvability, adaptability, survivability, and continuous availability. Current approaches to reconfiguration are inadequate: some allow one to describe a system's range of configurations for a relatively broad class of system architectures, but do not provide a mechanism for actually carrying out a reconfiguration; others provide a mechanism for carrying out certain kinds of limited reconfigurations, but assume a specialized system architecture in order to do so. This paper describes our attempt at devising a reconfiguration mechanism for use with the popular and widely available Enterprise JavaBean (EJB) component container model. We describe extensions to the basic services provided by EJB to support the mechanism, a prototype implementation, and a case study of its application to a representative component-based distributed system.

IFIP/ACM Working Conference on Component Deployment, Lecture Notes in Computer Science 2370, Springer-Verlag, Berlin, 2002, pp. 67-81.


Intrusion Management Using Configurable Architecture Models

Dennis Heimbigner and Alexander L. Wolf

Software is increasingly being constructed using the component-based paradigm in which software systems are assembled using components from multiple sources. Moreover, these systems are increasingly dynamic; a core set of components is assembled and then new functionality is provided as needed by dynamically inserting additional components.

A newer trend closely associated with the use of component-based software is the post-development use of configurable run-time architecture models describing the structure of the software system. These models are coming out of the software engineering community and are being used to manage component-based systems at deployment and operations time. The key aspect of this trend is that these models accompany the software system and provide the basis for defining and executing run-time monitoring and reconfiguration of these systems.

We believe that these models have the potential for providing a new and important source of information that can be exploited to improve the management of intrusions directed against these software systems. Our hypothesis is that they can provide a common framework for integrating and managing all phases of intrusion defense, including intrusion detection, response, and analysis. We will show how these models can provide a framework around which to organize intrusion-related data. We will also show how architecture-driven reconfiguration can provide improved response, and how inconsistencies between the models and the actual system state can support application-level anomaly detection and computer forensics analysis.

Technical Report CU-CS-929-02, Department of Computer Science, University of Colorado, Boulder, Colorado, April 2002.


A Benchmark Suite for Distributed Publish/Subscribe Systems

Antonio Carzaniga and Alexander L. Wolf

Building a distributed publish/subscribe infrastructure amounts to defining a service model (or interface) and providing an implementation for it. A typical distributed implementation is architected as a network of dispatcher components, each one implementing appropriate protocols and algorithms, that collectively realize the chosen service model. The service model should provide a value-added service for a wide variety of applications, while the implementation should gracefully scale up to handle an intense traffic of publications and subscriptions. We believe that the design of such service models and implementations must be guided by a systematic evaluation method, which in turn must be based on a carefully chosen benchmark suite. In this paper, we lay out a set of requirements for a benchmark suite for distributed publish/subscribe services, and we outline its primary components. The ideas proposed in this paper are based on our own experience in building and studying publish/subscribe infrastructures, and on existing evaluation frameworks.

Technical Report CU-CS-927-02, Department of Computer Science, University of Colorado, Boulder, Colorado, April 2002.


A Testbed for Configuration Management Policy Programming

André van der Hoek, Antonio Carzaniga, Dennis Heimbigner, and Alexander L. Wolf

Even though the number and variety of available configuration management systems have grown rapidly in the past few years, the need for new configuration management systems still remains. Driving this need are the emergence of situations requiring highly specialized solutions, the demand for management of artifacts other than traditional source code, and the exploration of wholly new research questions in configuration management. Complicating the picture is the trend toward organizational structures that involve personnel working at physically separate sites.

We have developed a testbed to support the rapid development of configuration management systems. The testbed separates configuration management repositories (i.e., the stores for versions of artifacts) from configuration management policies (i.e., the procedures according to which the versions are manipulated) by providing a generic model of a distributed repository and an associated programmatic interface. Specific configuration management policies are programmed as unique extensions to the generic interface, while the underlying distributed repository is reused across different policies. In this paper, we describe the repository model and its interface, and present our experience in using a prototype of the testbed, called NUCM, to implement a variety of configuration management systems.
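
The policy/mechanism split might be pictured as follows in Java (a hypothetical interface, far simpler than NUCM's): a generic versioned store knows nothing about policy, and a checkout/checkin locking policy is programmed as a thin extension over it.

    import java.util.*;

    // Sketch: Repository is the reusable mechanism; LockingPolicy is one of
    // many CM policies that could be programmed against it.
    public class PolicyOverRepository {
        static class Repository {
            private final Map<String,List<String>> versions = new HashMap<>();
            void store(String artifact, String content) {
                versions.computeIfAbsent(artifact, k -> new ArrayList<>()).add(content);
            }
            String latest(String artifact) {
                List<String> v = versions.get(artifact);
                return v == null ? null : v.get(v.size() - 1);
            }
        }

        static class LockingPolicy {
            private final Repository repo;
            private final Set<String> locks = new HashSet<>();
            LockingPolicy(Repository r) { repo = r; }
            String checkout(String a) {
                if (!locks.add(a)) throw new IllegalStateException(a + " is locked");
                return repo.latest(a);
            }
            void checkin(String a, String content) {
                repo.store(a, content);
                locks.remove(a);
            }
        }

        public static void main(String[] args) {
            Repository repo = new Repository();
            repo.store("main.c", "v1");
            LockingPolicy cm = new LockingPolicy(repo);
            String work = cm.checkout("main.c");
            cm.checkin("main.c", work + "+edit");
            System.out.println(repo.latest("main.c"));  // prints v1+edit
        }
    }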

IEEE Transactions on Software Engineering, vol. 28, no. 1, January 2002, pp. 79-99.


Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems

Chenxi Wang, Antonio Carzaniga, David Evans, and Alexander L. Wolf

Publish-subscribe is a communication paradigm that supports dynamic, many-to-many communications in a distributed environment. Content-based pub-sub systems are often implemented on a peer-to-peer infrastructure that enables information dissemination from information producers (publishers) to consumers (subscribers) through a subscription mechanism. In a wide-area pub-sub network, the pub-sub service must handle information dissemination across distinct authoritative domains, heterogeneous platforms and a large, dynamic population of publishers and subscribers. Such an environment raises serious security concerns. In this paper, we investigate the security issues and requirements that arise in an internet-scale content-based pub-sub system. We distinguish among those requirements that can be achieved with current technology and those that require innovative solutions.

35th Hawaii International Conference on System Sciences, Big Island, Hawaii, January 2002.


The Willow Architecture: Comprehensive Survivability for Large-Scale Distributed Applications

John Knight, Dennis Heimbigner, Alexander L. Wolf, Antonio Carzaniga, Jonathan Hill, Premkumar Devanbu, and Michael Gertz

The Willow architecture is a comprehensive approach to survivability in critical distributed applications. Survivability is achieved in a deployed system using a unique combination of (a) fault avoidance, by intentionally disabling vulnerable network elements when a threat is detected or predicted, (b) fault elimination, by replacing system software elements when faults are discovered, and (c) fault tolerance, by reconfiguring the system if non-maskable damage occurs. The key to the architecture is a powerful reconfiguration mechanism that is combined with a general control structure in which network state is sensed and analyzed, and required changes are effected. The architecture can be used to deploy software functionality enhancements as well as survivability. Novel aspects include: node configuration control mechanisms; a workflow system for resolving conflicting configurations; communications based on wide-area event notification; tolerance for wide-area, hierarchic, and sequential faults; and secure, scalable, and delegatable trust models.

Technical Report CU-CS-926-01, Department of Computer Science, University of Colorado, Boulder, Colorado, December 2001.


The Willow Survivability Architecture

John Knight, Dennis Heimbigner, Alexander L. Wolf, Antonio Carzaniga, and Jonathan Hill

The Willow architecture provides a comprehensive architectural approach to the provision of survivability in critical information networks. It is based on the notion that survivability of a network requires reconfiguration at both the system and the application levels. The Willow notion of reconfiguration is very general, and the architecture provides reconfiguration mechanisms for both automatic and manual network control. In this paper we summarize the Willow concepts and provide an overview of the Willow architecture. Finally we describe a demonstration application system that has been built on top of a prototype Willow implementation.

Fourth Information Survivability Workshop, Vancouver, British Columbia, October 2001 (postponed to March 2002).


Design and Evaluation of a Wide-Area Event Notification Service

Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf

The components of a loosely-coupled system are typically designed to operate by generating and responding to asynchronous events. An event notification service is an application-independent infrastructure that supports the construction of event-based systems, whereby generators of events publish event notifications to the infrastructure and consumers of events subscribe with the infrastructure to receive relevant notifications. The two primary services that should be provided to components by the infrastructure are notification selection (i.e., determining which notifications match which subscriptions) and notification delivery (i.e., routing matching notifications from publishers to subscribers). Numerous event notification services have been developed for local-area networks, generally based on a centralized server to select and deliver event notifications. Therefore, they suffer from an inherent inability to scale to wide-area networks, such as the Internet, where the number and physical distribution of the service's clients can quickly overwhelm a centralized solution. The critical challenge in the setting of a wide-area network is to maximize the expressiveness in the selection mechanism without sacrificing scalability in the delivery mechanism.

This paper presents Siena, an event notification service that we have designed and implemented to exhibit both expressiveness and scalability. We describe the service's interface to applications, the algorithms used by networks of servers to select and deliver event notifications, and the strategies used to optimize performance. We also present results of simulation studies that examine the scalability and performance of the service.
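
A single-process caricature of the two services, in Java (names are ours), may help fix ideas: subscribe() registers a predicate over notifications, and publish() performs selection (which subscriptions match) followed by delivery (invoking the matching consumers). Siena's contribution is realizing this behavior across a wide-area network of servers.

    import java.util.*;
    import java.util.function.Consumer;
    import java.util.function.Predicate;

    // Centralized toy of an event notification service: selection is the
    // predicate test, delivery is the consumer callback.
    public class MiniNotificationService {
        private final List<Map.Entry<Predicate<Map<String,Object>>,
                                     Consumer<Map<String,Object>>>> subs = new ArrayList<>();

        void subscribe(Predicate<Map<String,Object>> p, Consumer<Map<String,Object>> c) {
            subs.add(Map.entry(p, c));
        }

        void publish(Map<String,Object> n) {
            for (var s : subs) if (s.getKey().test(n)) s.getValue().accept(n);
        }

        public static void main(String[] args) {
            MiniNotificationService svc = new MiniNotificationService();
            svc.subscribe(n -> "stock".equals(n.get("type")),
                          n -> System.out.println("got " + n));
            svc.publish(Map.of("type", "stock", "symbol", "XYZ", "price", 42));
        }
    }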

ACM Transactions on Computer Systems, vol. 19, no. 3, August 2001, pp. 332-383.


Architecture-Level Dependence Analysis for Software Systems

Judith A. Stafford and Alexander L. Wolf

The emergence of formal software architecture description languages provides an opportunity to perform analyses at high levels of abstraction, as well as early in the development process. Previous research has primarily focused on developing techniques such as algebraic and transition-system analysis to detect component mismatches or global behavioral incorrectness. In this paper we motivate the utility and describe the challenges in developing a different kind of analysis for use at the architectural level, namely dependence analysis. Various kinds of dependence analyses have been used widely at the implementation level to aid program optimization, anomaly checking, program understanding, testing, and debugging. However, the languages used for architectural description offer quite different features than the languages for which traditional dependence analysis techniques have been developed. We describe our initial approach to architecture-level dependence analysis and illustrate that approach through a prototype tool we have built, called Aladdin, to automatically perform the analysis.

International Journal of Software Engineering and Knowledge Engineering, Vol. 11, No. 4, August 2001, pp. 431-452.

This paper is also available as a preprint in PDF here or in gzipped postscript here.


Bend, Don't Break: Using Reconfiguration to Achieve Survivability

Alexander L. Wolf, Dennis Heimbigner, John Knight, Premkumar Devanbu, Michael Gertz, and Antonio Carzaniga

Our national interests are becoming increasingly dependent on the continuous, proper functioning of large-scale, heterogeneous, and decentralized computing enterprises. We are designing a secure, automated framework for proactive and reactive reconfiguration of large-scale, heterogeneous, distributed systems so that critical networked computing enterprises can tolerate intrusions and continue to provide an acceptable level of service. Proactive reconfiguration adds, removes, and replaces components and interconnections to cause a system to assume postures that achieve enterprise-wide intrusion tolerance goals, such as increased resilience to specific kinds of attacks or increased preparedness for recovery from specific kinds of failures. In a complementary fashion, reactive reconfiguration adds, removes, and replaces components and interconnections to restore the integrity of a system in bounded time once an intrusion has been detected and the system is known or suspected to have been compromised. Our framework consists of two interrelated elements: an application architecture for designing large-scale, dynamically reconfigurable systems and a common infrastructure for building and securely operating those systems.

Third Information Survivability Workshop, Boston, Massachusetts, October 2000.


Annotating Components to Support Component-Based Static Analyses of Software Systems

Judith A. Stafford and Alexander L. Wolf

COTS components are typically viewed as black-boxes; input and output information is supplied in their interfaces. In this paper we argue that interfaces provide insufficient information for many analysis purposes and suggest analysis-related annotations be supplied with components. We center our discussion on static dependence analysis. We use an extensible language to annotate components and perform dependence analysis over these descriptions. We propose that component annotations be certified, thereby providing a base for certifiable analysis.

Grace Hopper Celebration of Women in Computing 2000, Hyannis, Massachusetts, September 2000.


Achieving Scalability and Expressiveness in an Internet-Scale Event Notification Service

Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf

This paper describes the design of Siena, an Internet-scale event notification middleware service for distributed event-based applications deployed over wide-area networks. Siena is responsible for selecting the notifications that are of interest to clients (as expressed in client subscriptions) and then delivering those notifications to the clients via access points. The key design challenge for Siena is maximizing expressiveness in the selection mechanism without sacrificing scalability of the delivery mechanism. This paper focuses on those aspects of the design of Siena that fundamentally impact scalability and expressiveness. In particular, we describe Siena's data model for notifications, the covering relations that formally define the semantics of the data model, the distributed architectures we have studied for Siena's implementation, and the processing strategies we developed to exploit the covering relations for optimizing the routing of notifications.
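
The covering relation can be illustrated for one constraint form in a toy Java sketch (our example, not Siena's actual data model): a subscription covers another when every notification matching the second also matches the first, so a server need not propagate a subscription that is already covered upstream. This quenching of covered subscriptions is what keeps routing tables compact.

    import java.util.*;

    // Covering for constraints of the form "attr >= bound": a weaker bound
    // covers a stronger one on the same attribute.
    public class CoveringSketch {
        record GreaterEq(String attr, int bound) {
            boolean matches(Map<String,Integer> n) {
                Integer v = n.get(attr);
                return v != null && v >= bound;
            }
            boolean covers(GreaterEq other) {
                return attr.equals(other.attr) && bound <= other.bound;
            }
        }

        public static void main(String[] args) {
            GreaterEq s1 = new GreaterEq("price", 10), s2 = new GreaterEq("price", 50);
            System.out.println("s1 covers s2: " + s1.covers(s2));  // true
            System.out.println(s1.matches(Map.of("price", 30)));   // true: matches s1 only
        }
    }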

Nineteenth Annual ACM Symposium on Principles of Distributed Computing, Portland, Oregon, July 2000, pp. 219-227.

A later version appears here.


Static Checking of System Behaviors Using Derived Component Assumptions

Paola Inverardi, Alexander L. Wolf, and Daniel Yankelevich

A critical challenge faced by the developer of a software system is to understand whether the system's components correctly integrate. While type theory has provided substantial help in detecting and preventing errors in mismatched static properties, much work remains in the area of dynamics. In particular, components make assumptions about their behavioral interaction with other components, but currently we have only limited ways in which to state those assumptions and to analyze those assumptions for correctness.

We have formulated a method that begins to address this problem. The method operates at the architectural level so that behavioral integration errors, such as deadlock, can be revealed early and at a high level. For each component, a specification is given of its interaction behavior. From this specification, assumptions that the component makes about the corresponding interaction behavior of the external context are automatically derived. We have defined an algorithm that performs compatibility checks between finite representations of a component's context assumptions and the actual interaction behaviors of the components with which it is intended to interact. A configuration of a system is possible if and only if a successful way of matching actual behaviors with assumptions can be found. The state-space complexity of this algorithm is significantly less than that of comparable approaches and, in the worst case, the time complexity is comparable to the worst case of standard reachability analysis.

ACM Transactions on Software Engineering and Methodology, vol. 9, no. 3, July 2000, pp. 239-272.


An Infrastructure for Generating and Sharing Experimental Workloads for Persistent Object Systems

Thorna Humphries, Artur Klauser, Alexander L. Wolf, and Benjamin G. Zorn

Performance evaluation of persistent object system implementations requires the use and evaluation of experimental workloads. Such workloads include a schema describing how the data are related, and application behaviors that capture how the data are manipulated over time. In this paper, we describe an infrastructure for generating and sharing experimental workloads to be used in evaluating the performance of persistent object system implementations. The infrastructure consists of a toolkit that aids the analyst in modeling and instrumenting experimental workloads, and a trace format that allows the analyst to easily reuse and share the workloads. Our infrastructure provides the following benefits: the process of building new experiments for analysis is made easier; experiments to evaluate the performance of implementations can be conducted and reproduced with less effort; and pertinent information can be gathered in a cost-effective manner. We describe the two major components of this infrastructure, the trace format and the toolkit. We also describe our experiences using these components to model, instrument, and experiment with the OO7 benchmark.

Software-Practice and Experience, vol. 30, issue 4, 2000, pp. 387-417.


Foundations for Software Configuration Management Policies Using Graph Transformations

Francesco Parisi-Presicce and Alexander L. Wolf

Existing software configuration management systems embody a wide variety of policies for how artifacts can evolve. New policies continue to be introduced. Without a clean separation of configuration management policies from configuration management mechanisms, it is difficult to understand the policies as well as difficult to reason about how they relate. We introduce a formal foundation for specifying configuration management policies by viewing the policies in terms of graph transformation systems. Not only are we able to precisely capture the semantics of individual policies, we can, for the first time, describe formal properties of the relationship between policies.

Fundamental Approaches to Software Engineering 2000, Lecture Notes in Computer Science 1783, Springer-Verlag, Berlin, 2000, pp. 304-318.


Content-Based Addressing and Routing: A General Model and its Application

Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf

The designers of communication networks are being challenged by the emergence of a new class of addressing and routing schemes referred to as content-based addressing and routing. This new approach differs from traditional unicast and multicast schemes in that it performs routing based on the data being transported in a message rather than on any specialized addressing and routing information attached to, or otherwise associated with, the message. An example of an application for content-based addressing and routing is an event notification service, which is a general-purpose facility for asynchronously and implicitly conveying information from generators of events to any and all parties expressing interest in those events. In order to implement content-based addressing and routing, we can adopt well-known and successful network architectures and protocols, provided that we understand how to map the core concepts and functionalities of content-based addressing and routing onto this established infrastructure. Toward that end, we have formulated a general, yet powerful model of addressing and routing that allows us to formalize the crucial aspects of content-based addressing and routing in a surprisingly simple manner. Furthermore, it allows us to treat traditional unicast and multicast addressing and routing uniformly as instances of this more general model. This paper presents our model and demonstrates its utility by showing its application to the design of an existing event notification service.

Technical Report CU-CS-902-00, Department of Computer Science, University of Colorado, Boulder, Colorado, January 2000.


Capturing Architectural Configurability: Variants, Options, and Evolution

André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf

Although meant to be relatively stable, the architecture of a software system does, at times, change. This simple yet important observation immediately raises the question of how changes to an architecture should be captured. Current architecture description languages are not well-suited for this purpose, but existing techniques from the discipline of configuration management can be adapted to provide a solution. In particular, we propose a novel representation, called configurable software architecture, that extends the traditional notion of software architecture with the concepts of variants, options, and evolution. We discuss the details of the representation, present an environment that allows the specification of configurable software architectures, and highlight a few of the opportunities that we believe arise once architectural configurability can be precisely captured.

Technical Report CU-CS-895-99, Department of Computer Science, University of Colorado, Boulder, Colorado, December 1999.

retrieve compressed Postscript


A Conceptual Basis for Feature Engineering

C. Reid Turner, Alfonso Fuggetta, Luigi Lavazza, and Alexander L. Wolf

The gulf between the user and the developer perspectives leads to difficulties in producing successful software systems. Users are focused on the problem domain, where the system's features are the primary concern. Developers are focused on the solution domain, where the system's life-cycle artifacts are key. Presently, there is little understanding of how to narrow this gulf.

This paper argues for establishing an organizing viewpoint that we term feature engineering. Feature engineering promotes features as first-class objects throughout the software life cycle and across the problem and solution domains. The goal of the paper is not to propose a specific new technique or technology. Rather, it aims at laying out some basic concepts and terminology that can be used as a foundation for developing a sound and complete framework for feature engineering. The paper discusses the impact that features have on different phases of the life cycle, provides some ideas on how these phases can be improved by fully exploiting the concept of feature, and suggests topics for a research agenda in feature engineering.

Journal of Systems and Software, Vol. 49, No. 1, December 1999, pp. 3-15.


Architecture-Based Software Engineering

Judith A. Stafford and Alexander L. Wolf

This paper provides an overview of the major issues and trends in architecture-based software engineering. While all software systems can be described in terms of components and interconnections, such descriptions are not always documented. Explicit description of software architecture provides a foundation for understanding and reasoning about both the functionality and quality of software systems very early in the development process as well as at a high level of abstraction. In this paper, we discuss the formalization of architectural specification, including a review of several languages developed especially for architectural description, and follow this with a discussion of architectural analysis techniques that can be applied to architectures described in these languages. Additionally, we discuss several other emerging concepts in software architecture that are having an influence on the general utility of the field.

Technical Report CU-CS-891-99, Department of Computer Science, University of Colorado, Boulder, Colorado, November 1999.

Portions of this report appear as Chapter 20 in the book Component-Based Software Engineering, edited by G.T. Heineman and W.T. Councill, Addison-Wesley, 2001.


A Framework for Analyzing Configurations of Deployable Software Systems

Dennis M. Heimbigner, Richard S. Hall, and Alexander L. Wolf

Configuring and deploying a large software system is complicated when the system is composed of components and when there are numerous possible configurations for the system. In such a scenario, it is difficult for end-users to specify and install an appropriate configuration for their specific environment. Defining all valid configurations of a software system is challenging, and can be addressed through a concise specification that can generate all of the possible configurations. The Deployable Software Description (DSD), part of the University of Colorado Software Dock project, is one such specification format. But using the DSD runs the risk that the set of generated configurations includes some that are invalid with respect to constraints defined independently of the DSD. This paper describes a framework to support the analysis of DSD specifications to help developers detect potentially invalid configurations. This analysis assumes that the system components are annotated with properties, and an analysis tool is provided that takes a specific configuration and analyzes it for conflicts with respect to some set of constraints. Using the DSD, we can enumerate and analyze configurations to verify their validity. The results can be used to modify the DSD to avoid future generation of invalid configurations.
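
The analysis step can be suggested in miniature (illustrative Java only, not the DSD format itself): enumerate candidate configurations and flag any that violate an externally defined constraint.

    import java.util.*;
    import java.util.function.Predicate;

    // Toy configuration check: the constraint "ssl and legacy-ssl must not be
    // co-installed" is defined independently of how configurations are generated.
    public class ConfigCheck {
        public static void main(String[] args) {
            List<Set<String>> configs = List.of(
                Set.of("core"),
                Set.of("core", "ssl"),
                Set.of("core", "ssl", "legacy-ssl"));
            Predicate<Set<String>> valid =
                c -> !(c.contains("ssl") && c.contains("legacy-ssl"));
            configs.forEach(c ->
                System.out.println(c + (valid.test(c) ? "  ok" : "  INVALID")));
        }
    }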

Fifth IEEE International Conference on Engineering of Complex Computer Systems, Las Vegas, Nevada, October 1999, pp. 32-42.


An Architecture-Based Approach to Self-Adaptive Software

Peyman Oreizy, Michael M. Gorlick, Richard N. Taylor, Dennis Heimbigner, Gregory Johnson, Nenad Medvidovic, Alex Quilici, David S. Rosenblum, and Alexander L. Wolf

An increasing number of mission-critical software systems require dependability, robustness, adaptability, and continuous availability. Self-adaptive software strives to fulfill these requirements. Self-adaptive software requires the simultaneous management of two related processes---system evolution, the consistent and reasoned application of change over time, and system adaptation, the cycle of detecting changing circumstances, planning responsive modifications, and deploying those modifications to field sites. We indicate how these two processes can be combined and coordinated in an infrastructure that supports ongoing continuous system change without requiring any downtime, rebuilds, or system restarts---all the while guaranteeing system integrity. Central to our methodology is the dominant role of software architectures in planning, coordinating, monitoring, evaluating, and implementing software adaptation. We argue that explicit system structure and representation, the separation of architecture from implementation, and the separation of communication from computation are scalable abstractions suitable for domains and adaptations of all sizes.

IEEE Intelligent Systems, vol. 14, no. 3, May/June 1999, pp. 54-62.


A Cooperative Approach to Support Software Deployment Using the Software Dock

Richard S. Hall, Dennis M. Heimbigner, and Alexander L. Wolf

Software deployment is an evolving collection of interrelated processes such as release, install, adapt, reconfigure, update, activate, deactivate, remove, and retire. The connectivity of large networks, such as the Internet, is affecting how software deployment is being performed. To take full advantage of this connectivity, new software deployment technologies must be introduced in order to support these processes. The Software Dock research project is creating a distributed, agent-based deployment framework to support the ongoing cooperation and negotiation among software producers themselves and among software producers and software consumers. This deployment framework is enabled by the use of a standardized semantic schema for describing software systems, called the Deployable Software Description (DSD) format. The Software Dock employs agents to traverse between software producers and consumers and to perform software deployment activities by interpreting the semantic descriptions of the software systems. The Software Dock infrastructure enables software producers to offer high-level deployment services that were previously not possible to their customers.

21st International Conference on Software Engineering, Los Angeles, California, May 1999, pp. 174-183.


Challenges for Distributed Event Services: Scalability vs. Expressiveness

Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf

The event-based style is a very promising approach for the development and integration of distributed objects. An event notification service is the glue that ties together distributed components in an event-based architecture. An event notification service implements what is commonly known as the publish/subscribe protocol: components publish events to inform other components of a change in their internal state or to request services from other components; the event service registers the interest of components expressed by means of subscriptions and consequently dispatches event notifications. In practice, the event notification service mediates and facilitates the interaction among applications by filtering, aggregating, and delivering events on their behalf.

The functionality of an event notification service is characterized by two conflicting requirements: scalability and expressiveness. The tension between scalability and expressiveness is evident in all recently proposed event notification technologies. We believe that the successful integration of distributed objects by means of events depends on both the scalability and the expressiveness of the event notification service. Here we propose a research approach to this problem that we pursued with our Siena project. In particular, we focus on how to realize scalable true content-based routing of events over a distributed event service with a generic topology.

ICSE '99 Workshop on Engineering Distributed Objects (EDO '99), Los Angeles, California, May 1999.


Software Process Validation: Quantitatively Measuring the Correspondence of a Process to a Model

Jonathan E. Cook and Alexander L. Wolf

To a great extent, the usefulness of a formal model of a software process lies in its ability to accurately predict the behavior of the executing process. Similarly, the usefulness of an executing process lies largely in its ability to fulfill the requirements embodied in a formal model of the process. When process models and process executions diverge, something significant is happening. We have developed techniques for uncovering and measuring the discrepancies between models and executions, which we call process validation. Process validation takes a process execution and a process model, and measures the level of correspondence between the two. Our metrics are tailorable and give process engineers control over determining the severity of different types of discrepancies. The techniques provide detailed information once a high-level measurement indicates the presence of a problem. We have applied our process validation methods in an industrial case study, of which a portion is described in this article.
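
A toy correspondence measure in the spirit of the article (its metrics are more refined and, as noted, tailorable) is plain edit distance between the observed event sequence and a sequence the model allows:

    import java.util.*;

    // Edit distance between an observed trace and a model-allowed trace; zero
    // means perfect correspondence, larger values mean greater divergence.
    public class ProcessValidation {
        static int edit(List<String> a, List<String> b) {
            int[][] d = new int[a.size() + 1][b.size() + 1];
            for (int i = 0; i <= a.size(); i++) d[i][0] = i;
            for (int j = 0; j <= b.size(); j++) d[0][j] = j;
            for (int i = 1; i <= a.size(); i++)
                for (int j = 1; j <= b.size(); j++)
                    d[i][j] = Math.min(Math.min(d[i-1][j] + 1, d[i][j-1] + 1),
                                       d[i-1][j-1] + (a.get(i-1).equals(b.get(j-1)) ? 0 : 1));
            return d[a.size()][b.size()];
        }

        public static void main(String[] args) {
            List<String> model  = List.of("design", "review", "code", "test");
            List<String> actual = List.of("design", "code", "review", "test");
            System.out.println("discrepancy = " + edit(model, actual));  // 2
        }
    }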

ACM Transactions on Software Engineering and Methodology, vol. 8, no. 2, April 1999, pp. 147-176.


Uncovering Architectural Mismatch in Component Behavior

Daniele Compare, Paola Inverardi, and Alexander L. Wolf

When constructing software systems from existing components, the engineer is faced with the problem of potential conflicts in the interactions among the components. Of particular difficulty is guaranteeing compatibility in the dynamic interaction behavior. Using an architectural description of the system and its intended components, the engineer can reason about the interactions early and at a high level of abstraction. In this paper we give a case study of the Compressing Proxy system, which was first investigated by Garlan, Kindred, and Wing. We present architectural specifications and analyses of two versions of the system. One version is a seemingly obvious melding of the components. The other is a solution to deadlock problems uncovered by formal analyses of the first version. We use the Chemical Abstract Machine as an example of an architectural description formalism that can help uncover architectural mismatches in the behavior of components.

Science of Computer Programming, vol. 33, no. 2, February 1999, pp. 101-131.


Event-Based Detection of Concurrency

Jonathan E. Cook and Alexander L. Wolf

Understanding the behavior of a system is crucial in being able to modify, maintain, and improve the system. A particularly difficult aspect of some system behaviors is concurrency. While there are many techniques to specify intended concurrent behavior, there are few, if any, techniques to capture and model actual concurrent behavior. This paper presents a technique to discover patterns of concurrent behavior from traces of system events. The technique is based on a probabilistic analysis of the event traces. Using metrics for the number, frequency, and regularity of event occurrences, a determination is made of the likely concurrent behavior being manifested by the system. The technique is useful in a wide variety of software engineering tasks, including architecture discovery, reengineering, user interaction modeling, and software process improvement.

SIGSOFT '98: Sixth International Symposium on the Foundations of Software Engineering, Orlando, Florida, November 1998, pp. 35-45.


Architecture-Level Dependence Analysis in Support of Software Maintenance

Judith A. Stafford and Alexander L. Wolf

Software maintenance is the most costly phase of software development. Two factors contributing to the high cost are the late detection of system failures and the increasing difficulty of understanding a system as it ages. The advent of formal architecture description languages (ADLs) provides an opportunity to reason about the correctness of a system at the earliest stages of development as well as at a high level of abstraction throughout its life.

In general, there are many kinds of questions one might want to ask at an architectural level for maintenance purposes as varied as reuse, reverse engineering, fault localization, impact analysis, regression testing, and workspace management. These kinds of questions are similar to those currently asked at the implementation level and answered through static dependence analysis techniques applied to program code. It seems reasonable, therefore, to apply similar techniques at the architectural level, either because the program code may not exist at the time the question is being asked or because answering the question at the architectural level is more tractable than at the implementation level. We are developing an architecture-level dependence analysis technique, called port-to-port chaining, and implementing the technique in a tool called Aladdin.

Third International Software Architecture Workshop, Orlando, Florida, November 1998, pp. 129-132.

A later version appears here.


Versioned Software Architecture

André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf

In this position paper we introduce a novel use of software architecture. Rather than following the traditional focus on design, we propose to use the notion of versioned software architecture to support other activities in the software life cycle. In particular, we are investigating how the activities of configuration management and software deployment can benefit from the availability of an explicit architectural representation that is enhanced with versioning capabilities. In this paper we present some of the initial results of this investigation. We motivate our research into versioned software architecture, present some usage scenarios in the context of configuration management and software deployment, and conclude with an outlook on the work that remains to be done.

Third International Software Architecture Workshop, Orlando, Florida, November 1998, pp. 73-76.


Issues in Supporting Event-Based Architectural Styles

Antonio Carzaniga, Elisabetta Di Nitto, David S. Rosenblum and Alexander L. Wolf

The development of complex software systems demands well-established approaches that guarantee robustness of products, economy of the development process, and rapid time to market. This need is becoming more and more relevant as the requirements of customers and the potential of computer telecommunication networks grow. To address this issue, researchers in the field of software architecture are defining a number of languages and tools that support the definition and validation of the architecture of systems. Also, a number of architectural styles are being formalized. A style that is very prevalent for large-scale distributed applications is the event-based style. In an event-based style, components communicate by generating and receiving event notifications. In this paper we identify the event-based style variations introduced by a number of event-based middleware infrastructures and point out the advantages and drawbacks of the different approaches, as well as the open issues.

Third International Software Architecture Workshop, Orlando, Florida, November 1998, pp. 17-20.


Evaluating Software Deployment Languages and Schema

Richard S. Hall, Dennis M. Heimbigner, and Alexander L. Wolf

Software distribution is evolving from a physical media approach to one where it is practical and advantageous to leverage the connectivity of networks. Network distribution of software systems provides timeliness and continuity of evolution not possible with physical media distribution methods. To support network-based software distribution, companies and organizations such as Microsoft, Marimba, and the Desktop Management Task Force (DMTF) are strengthening their efforts to package software systems in a way that is conducive to network distribution and management. The result of these efforts has led to the creation of software description languages and schema such as the Open Software Description format created by Microsoft and Marimba and the Management Information Format created by DMTF. While these efforts are steps in the right direction, they do not address deployment issues in a complete and systematic fashion. The contribution of this paper is to evaluate these leading software description technologies.

1998 International Conference on Software Maintenance, Bethesda, Maryland, November 1998, pp. 177-185.

retrieve compressed Postscript


Investigating the Applicability of Architecture Description in Configuration Management and Software Deployment

André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf

The discipline of software architecture has traditionally been concerned with high-level design. In particular, a variety of architecture description languages have been developed that are used to precisely capture a design. Additionally, analysis tools have been constructed that are used to verify particular properties of a design. However, today's trend towards the development of component-based software seems to suggest a new use of software architecture. Because an architecture captures components and the connections among them, it could potentially be used as an organizing abstraction for many of the activities in the software life cycle. In this paper we present an initial investigation into the feasibility of such use. In particular, we closely examine the role system modeling plays in the fields of configuration management and software deployment, and relate this role to the system modeling capabilities of architecture description languages. The outcome of this investigation is twofold. First, we conclude that, for the specific cases of configuration management and software deployment, the use of software architecture brings opportunities to significantly extend the provided functionality. Second, we present requirements for a number of extensions to typical architecture description languages that are needed to make our approach viable.

Technical Report CU-CS-862-98, Department of Computer Science, University of Colorado, Boulder, Colorado, September 1998.

retrieve compressed Postscript


Cost-Effective Analysis of In-Place Software Processes

Jonathan E. Cook, Lawrence G. Votta, and Alexander L. Wolf

Process studies and improvement efforts typically call for new instrumentation on the process in order to collect the data they have deemed necessary. This can be intrusive and expensive, and resistance to the extra workload often foils the study before it begins. The result is neither interesting new knowledge nor an improved process. In many organizations, however, extensive historical process and product data already exist. Can these existing data be used to empirically explore what process factors might be affecting the outcome of the process? If they can, organizations would have a cost-effective method for quantitatively, if not causally, understanding their process and its relationship to the product. We present a case study that analyzes an in-place industrial process and takes advantage of existing data sources. In doing this, we also illustrate and propose a methodology for such exploratory empirical studies. The case study makes use of several readily available repositories of process data in the industrial organization. Our results show that readily available data can be used to correlate both simple aggregate metrics and complex process metrics with defects in the product. Through the case study, we give evidence supporting the claim that exploratory empirical studies can provide significant results and benefits while being cost effective in their demands on the organization.

IEEE Transactions on Software Engineering, vol. 24, no. 8, August 1998, pp. 650-663.


Design of a Scalable Event Notification Service: Interface and Architecture

Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf

Event-based distributed systems are programmed to operate in response to events. An event notification service is an application-independent infrastructure that supports the construction of event-based systems. While numerous technologies have been developed for supporting event-based interactions over local-area networks, these technologies do not scale well to wide-area networks such as the Internet. Wide-area networks pose new challenges that have to be attacked with solutions that specifically address issues of scalability. This paper presents Siena, a scalable event notification service that is based on a distributed architecture of event servers. We first present a formally defined interface that is based on an extension to the publish/subscribe protocol. We then describe and compare several different server topologies and routing algorithms. We conclude by briefly discussing related work, our experience with an initial implementation of Siena, and a framework for evaluating the scalability of event notification services such as Siena.
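 
As a rough illustration of the content-based publish/subscribe interaction that an event notification service supports, consider the following minimal sketch in Python. It is not Siena's actual interface; the names, operators, and filter semantics are assumptions made only to show how subscriptions stated as attribute constraints can be matched against published notifications.

    # Minimal sketch of content-based publish/subscribe matching.
    # Not Siena's actual API: names, operators, and semantics are assumed.

    OPS = {
        "=": lambda a, b: a == b,
        "<": lambda a, b: a < b,
        ">": lambda a, b: a > b,
    }

    class Subscription:
        def __init__(self, subscriber, constraints):
            # constraints: {attribute: (operator, value)}
            self.subscriber = subscriber
            self.constraints = constraints

        def matches(self, notification):
            # A notification matches if every constraint is satisfied.
            return all(
                attr in notification and OPS[op](notification[attr], value)
                for attr, (op, value) in self.constraints.items()
            )

    class EventServer:
        def __init__(self):
            self.subscriptions = []

        def subscribe(self, subscriber, constraints):
            self.subscriptions.append(Subscription(subscriber, constraints))

        def publish(self, notification):
            # Deliver the notification to every matching subscriber.
            for sub in self.subscriptions:
                if sub.matches(notification):
                    sub.subscriber(notification)

    # Example: notify when a quote for "XYZ" falls below 10.
    server = EventServer()
    server.subscribe(lambda n: print("alert:", n),
                     {"symbol": ("=", "XYZ"), "price": ("<", 10)})
    server.publish({"symbol": "XYZ", "price": 9.5})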

Technical Report CU-CS-863-98, Department of Computer Science, University of Colorado, Boulder, Colorado, August 1998.

retrieve compressed Postscript


Discovering Models of Software Processes from Event-Based Data

Jonathan E. Cook and Alexander L. Wolf

Many software process methods and tools presuppose the existence of a formal model of a process. Unfortunately, developing a formal model for an on-going, complex process can be difficult, costly, and error prone. This presents a practical barrier to the adoption of process technologies, which would be lowered by automated assistance in creating formal models. To this end, we have developed a data analysis technique that we term process discovery. Under this technique, data describing process events are first captured from an on-going process and then used to generate a formal model of the behavior of that process. In this article we describe a Markov method that we developed specifically for process discovery, as well as describe two additional methods that we adopted from other domains and augmented for our purposes. The three methods range from the purely algorithmic to the purely statistical. We compare the methods and discuss their application in an industrial case study.
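 
The general idea behind frequency-based process discovery can be sketched as follows. This is an illustrative sketch only, not the Markov method described in the article: transition frequencies between consecutive events are tabulated from captured event streams, and only transitions whose estimated probability exceeds a threshold are kept, yielding a finite-state approximation of the process.

    # Sketch of frequency-based process discovery from event streams.
    # Illustrative only; not the Markov method described in the article.
    from collections import defaultdict

    def discover_model(event_streams, threshold=0.1):
        counts = defaultdict(lambda: defaultdict(int))
        for stream in event_streams:
            for current, nxt in zip(stream, stream[1:]):
                counts[current][nxt] += 1

        # Keep only transitions whose estimated probability is significant.
        model = {}
        for state, successors in counts.items():
            total = sum(successors.values())
            model[state] = {nxt: n / total
                            for nxt, n in successors.items()
                            if n / total >= threshold}
        return model

    # Example: two recorded enactments of a simple edit/review process.
    streams = [["edit", "review", "checkin"],
               ["edit", "edit", "review", "checkin"]]
    print(discover_model(streams))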

ACM Transactions on Software Engineering and Methodology, vol. 7, no. 3, July 1998, pp. 215-249.


Requirements for Software Deployment Languages and Schema

Richard S. Hall, Dennis M. Heimbigner, and Alexander L. Wolf

Software distribution via networks provides timeliness and continual evolution that is not possible with physical media distribution methods. Organizations such as Microsoft, Marimba, and the Desktop Management Task Force are strengthening their efforts to package software systems in ways that are conducive to network distribution. These efforts have led to the creation of software description languages and schema, but the resulting languages and schema do not address deployment issues in a complete, systematic fashion. The contribution of this paper is to define and explore the requirements for software deployment languages and schema.

8th International Symposium on System Configuration Management, Lecture Notes in Computer Science 1439, Springer-Verlag, Berlin, 1998, pp. 198-203.


System Modeling Resurrected

André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf

Over the past few years, research into system modeling has dwindled in favor of other interests in the field of configuration management. Outside influence, in the form of the emerging discipline of software architecture, demands that renewed attention be paid to system modeling, because software architecture places new requirements on, and offers new opportunities to, system modeling. In this paper we investigate these requirements and opportunities in more detail.

8th International Symposium on System Configuration Management, Lecture Notes in Computer Science 1439, Springer-Verlag, Berlin, 1998, pp. 140-145.


Balboa: A Framework for Event-Based Process Data Analysis

Jonathan E. Cook and Alexander L. Wolf

Software process research has suffered from a lack of focussed data analysis techniques and tools. Part of the problem is the ad hoc and heterogeneous nature of the data, as well as the methods of collecting those data. While collection methods must be specific to their data source, analysis tools should be shielded from specific data formats and idiosyncrasies.

We have built Balboa as a bridge between the data collection and the analysis tools, facilitating the gathering and management of event data, and simplifying the construction of tools to analyze the data. Balboa is a framework that provides to collection methods a flexible data registration mechanism, and provides to tools a consistent set of data manipulation, management, and access services. It unites the variety of collection mechanisms with the variety of tools, thus paving the way for more extensive application of process improvement techniques based on data analysis.
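 
A minimal sketch of the kind of separation this suggests is shown below. The names and structure are assumptions for illustration, not Balboa's actual services: collection methods register typed event records through one interface, while analysis tools access the accumulated data through another.

    # Sketch of an event-data framework separating collection from analysis.
    # Names and structure are assumptions, not Balboa's actual services.
    from dataclasses import dataclass, field

    @dataclass
    class Event:
        timestamp: float
        kind: str
        attributes: dict = field(default_factory=dict)

    class EventStore:
        """Bridge between collection methods and analysis tools."""
        def __init__(self):
            self._events = []

        # Interface used by collection methods.
        def register(self, timestamp, kind, **attributes):
            self._events.append(Event(timestamp, kind, attributes))

        # Interface used by analysis tools.
        def events(self, kind=None):
            return [e for e in sorted(self._events, key=lambda e: e.timestamp)
                    if kind is None or e.kind == kind]

    store = EventStore()
    store.register(1.0, "checkin", author="pat", file="main.c")
    store.register(2.0, "build", status="failed")
    print([e.kind for e in store.events()])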

Fifth International Conference on the Software Process, Lisle, Illinois, June 1998, pp. 99-110.

retrieve compressed Postscript


Feature Engineering

C. Reid Turner, Alfonso Fuggetta, Luigi Lavazza, and Alexander L. Wolf

The notion of feature is widely used to denote the functional structure and visible properties of a software system. More specifically, features are meant to represent a user-centric organization of a software system's functionality. Yet, other than during requirements analysis, features are seldom treated explicitly by most existing tools and methods.

This paper argues that a feature orientation can provide benefits to software developers throughout the software life cycle. We envisage specific applications of the notion of feature that provide a powerful and unifying structure for software life cycle artifacts and activities. We discuss the problems and issues to be addressed, briefly summarize our current research, and offer suggestions and directions for future research in a new area we call "feature engineering".

Ninth International Workshop on Software Specification and Design, Ise-shima, Japan, April 1998, pp. 162-164.

A later version appears here.

retrieve compressed Postscript


Aladdin: A Tool for Architecture-Level Dependence Analysis of Software Systems

Judith A. Stafford, Debra J. Richardson, and Alexander L. Wolf

The emergence of formal architecture description languages provides an opportunity to perform analyses at high levels of abstraction, as well as early in the development process. Previous research has primarily focused on developing techniques such as algebraic and transition-system analysis to detect component mismatches or global behavioral incorrectness. In this paper, we present Aladdin, a tool that implements chaining, a static dependence analysis technique for use with architectural descriptions. Dependence analysis has been used widely at the implementation level to aid program optimization, anomaly checking, program understanding, testing, and debugging. We investigate the definition and application of dependence analysis at the architectural level. We illustrate the utility of chaining, through the use of Aladdin, by showing how the technique can be used to answer various questions one might pose of a Rapide architecture specification.

Technical Report CU-CS-858-98, Department of Computer Science, University of Colorado, Boulder, Colorado, April 1998.

A later version appears here.

retrieve compressed Postscript


A Characterization Framework for Software Deployment Technologies

Antonio Carzaniga, Alfonso Fuggetta, Richard S. Hall, Dennis Heimbigner, André van der Hoek, and Alexander L. Wolf

Software applications are no longer stand-alone systems. They are increasingly the result of integrating heterogeneous collections of components, both executable and data, possibly dispersed over a computer network. Different components can be provided by different producers and they can be part of different systems at the same time. Moreover, components can change rapidly and independently, making it difficult to manage the whole system in a consistent way. Under these circumstances, a crucial step of the software life cycle is deployment---that is, the activities related to the release, installation, activation, deactivation, update, and removal of components, as well as whole systems.

This paper presents a framework for characterizing technologies that are intended to support software deployment. The framework highlights four primary factors concerning the technologies: process coverage; process changeability; interprocess coordination; and site, product, and deployment policy abstraction. A variety of existing technologies are surveyed and assessed against the framework. Finally, we discuss promising research directions in software deployment.

Technical Report CU-CS-857-98, Department of Computer Science, University of Colorado, Boulder, Colorado, April 1998.

retrieve compressed Postscript


Software Process Modeling and Execution within Virtual Environments

John C. Doppke, Dennis Heimbigner, and Alexander L. Wolf

In the past, multiuser virtual environments have been developed as venues for entertainment and social interaction. Recent research focuses instead on their utility in carrying out work in the real world. This research has identified the importance of a mapping between the real and the virtual that permits the representation of real tasks in the virtual environment. In this paper we investigate the use of virtual environments---in particular, MUDs (Multi-User Dimensions)---in the domain of software process. In so doing, we define a mapping, or metaphor, that permits the representation of software processes within a MUD. The system resulting from this mapping, called Promo, permits the modeling and execution of software processes by geographically dispersed agents.

ACM Transactions on Software Engineering and Methodology, vol. 7, no. 1, January 1998, pp. 1-40.


A Highly Effective Partition Selection Policy for Object Database Garbage Collection

Jonathan E. Cook, Alexander L. Wolf, and Benjamin G. Zorn

We investigate methods to improve the performance of algorithms for automatic storage reclamation of object databases. These algorithms are based on a technique called partitioned garbage collection, in which a subset of the entire database is collected independently of the rest. We evaluate how different application, database system, and garbage collection implementation parameters affect the performance of garbage collection in object database systems. We focus specifically on investigating the policy that is used to select which partition in the database should be collected. Three of the policies that we investigate are based on the intuition that the values of overwritten pointers provide good hints about where to find garbage. A fourth policy investigated chooses the partition with the greatest presence in the I/O buffer. Using simulations based on a synthetic database, we show that one of our policies requires less I/O to collect more garbage than any existing implementable policy. Furthermore, that policy performs close to a locally optimal policy over a wide range of simulation parameters, including database size, collection rate, and database connectivity. We also show what impact these simulation parameters have on application performance and investigate the expected costs and benefits of garbage collection in such systems.
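 
The intuition behind the pointer-overwrite policies can be sketched as follows. This is illustrative only and not the authors' algorithm; the structures are invented: the collector counts, per partition, how many pointers into that partition have been overwritten, and selects the partition with the highest count as the most promising place to find garbage.

    # Sketch of a partition selection policy for partitioned GC.
    # Illustrative only; the policies evaluated in the article differ in detail.
    from collections import Counter

    class PartitionSelector:
        def __init__(self):
            self.overwrite_hints = Counter()

        def note_pointer_overwrite(self, old_target_partition):
            # An overwritten pointer into a partition hints that garbage
            # may have been created there.
            self.overwrite_hints[old_target_partition] += 1

        def select_partition(self):
            if not self.overwrite_hints:
                return None
            partition, _ = self.overwrite_hints.most_common(1)[0]
            self.overwrite_hints[partition] = 0   # reset after collection
            return partition

    selector = PartitionSelector()
    selector.note_pointer_overwrite("P3")
    selector.note_pointer_overwrite("P3")
    selector.note_pointer_overwrite("P1")
    print(selector.select_partition())   # -> "P3"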

IEEE Transactions on Knowledge and Data Engineering, vol. 10, no. 1, January/February 1998, pp. 153-172.


Software Architecture, Configuration Management, and Configurable Distributed Systems: A Ménage à Trois

André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf

Software architecture, configuration management, and configurable distributed systems are three areas of research that until now have evolved separately. Contributions in each field have focused on their respective area of concern. However, as solutions in the three fields tend to center around some notion of a system model, it is worthwhile to investigate their relationship in detail. In particular, the large amount of overlap among the system models developed in each area, combined with the complementary nature of the differences among them, suggests that an approach based on a common system model is viable. In this paper, we illustrate the benefits of using such a unified system model, identify the commonalities and differences among the existing system models, and present some of our initial experiments that we believe will lead to the development of a single system model that is usable in all three fields.

Technical Report CU-CS-849-98, Department of Computer Science, University of Colorado, Boulder, Colorado, January 1998.

retrieve compressed Postscript


Chaining: A Software Architecture Dependence Analysis Technique

Judith A. Stafford, Debra J. Richardson, and Alexander L. Wolf

The emergence of formal architecture description languages provides an opportunity to perform analyses at high levels of abstraction. Research has primarily focused on developing techniques such as algebraic and transition-system analysis to detect component mismatches or global behavioral incorrectness. In this paper, we describe chaining, a technique similar in concept and application to program slicing, in which the goal is to reduce the portions of an architecture that must be examined by an architect for some purpose, such as testing or debugging. In chaining, links represent the dependence relationships that exist in an architectural specification. Links connect elements of the specification that are directly related, producing a chain of dependencies that can be followed during analysis. We illustrate the utility of chaining by showing how the technique can be used to answer various questions one might pose of a Rapide architecture specification.
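 
The chain-following idea can be sketched roughly as follows; the representation and names are assumptions for illustration, not the chaining implementation itself. Dependence links among architectural elements form a directed graph, and the chain relevant to a given element is the set of elements reachable along those links.

    # Sketch of dependence chaining over an architectural description.
    # The link relation below is an assumption for illustration only.

    # links[x] = elements that x directly depends on
    links = {
        "gui":       ["scheduler"],
        "scheduler": ["queue", "clock"],
        "queue":     ["storage"],
        "clock":     [],
        "storage":   [],
    }

    def chain(element, links):
        """Return every element that `element` transitively depends on."""
        seen, worklist = set(), [element]
        while worklist:
            current = worklist.pop()
            for dep in links.get(current, []):
                if dep not in seen:
                    seen.add(dep)
                    worklist.append(dep)
        return seen

    # Which parts of the architecture could affect the behavior of "gui"?
    print(chain("gui", links))   # the four elements gui depends on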

Technical Report CU-CS-845-97, Department of Computer Science, University of Colorado, Boulder, Colorado, September 1997.

A later version appears here.

retrieve compressed Postscript


A Design Framework for Internet-Scale Event Observation and Notification

David S. Rosenblum and Alexander L. Wolf

There is increasing interest in having software systems execute and interoperate over the Internet. Execution and interoperation at this scale imply a degree of loose coupling and heterogeneity among the components from which such systems will be built. One common architectural style for distributed, loosely-coupled, heterogeneous software systems is a structure based on event generation, observation and notification. The technology to support this approach is well-developed for local area networks, but it is ill-suited to networks on the scale of the Internet. Hence, new technologies are needed to support the construction of large-scale, event-based software systems for the Internet. We have begun to design a new facility for event observation and notification that better serves the needs of Internet-scale applications. In this paper we present results from our first step in this design process, in which we defined a framework that captures many of the relevant design dimensions. Our framework comprises seven models: an object model, an event model, a naming model, an observation model, a time model, a notification model, and a resource model. The paper discusses each of these models in detail and illustrates them using an example involving an update to a Web page. The paper also evaluates three existing technologies with respect to the seven models.

6th European Software Engineering Conference (held jointly with SIGSOFT '97: Fifth International Symposium on the Foundations of Software Engineering), Lecture Notes in Computer Science 1301, Springer, Berlin, 1997, pp. 344-360.

Winner of the 2008 ACM SIGSOFT Impact Award.


Software Release Management

André van der Hoek, Richard S. Hall, Dennis Heimbigner, and Alexander L. Wolf

A poorly understood and underdeveloped part of the software process is software release management, which is the process through which software is made available to and obtained by its users. Complicating software release management is the increasing tendency for software to be constructed as a ``system of systems'', assembled from pre-existing, independently produced, and independently released systems. Both developers and users of such software are affected by these complications. Developers need to accurately document complex and changing dependencies among the systems constituting the software. Users will be heavily involved in the location, retrieval, and assembly process of the systems in order to appropriately configure the software to their particular environment. In this paper we identify the issues encountered in software release management, and present an initial set of requirements for a software release management tool. We then describe a prototype of such a tool that supports both developers and users in the software release management process.
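 
A minimal sketch of the dependency bookkeeping such a tool must perform is given below. The release metadata format is invented for illustration and is not the prototype described in the paper: each release records the other releases it depends on, and retrieving a release means resolving the transitive closure of those dependencies.

    # Sketch of transitive dependency resolution for software releases.
    # The metadata format is invented for illustration.

    releases = {
        "editor-2.0":   {"depends": ["widgets-1.3", "parser-1.1"]},
        "widgets-1.3":  {"depends": ["graphics-0.9"]},
        "parser-1.1":   {"depends": []},
        "graphics-0.9": {"depends": []},
    }

    def resolve(name, releases, resolved=None):
        """Return `name` plus every release it transitively depends on,
        listing each dependency before the releases that need it."""
        if resolved is None:
            resolved = []
        for dep in releases[name]["depends"]:
            if dep not in resolved:
                resolve(dep, releases, resolved)
        if name not in resolved:
            resolved.append(name)
        return resolved

    # Everything that must be retrieved to install editor-2.0:
    print(resolve("editor-2.0", releases))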

6th European Software Engineering Conference (held jointly with SIGSOFT '97: Fifth International Symposium on the Foundations of Software Engineering), Lecture Notes in Computer Science 1301, Springer, Berlin, 1997, pp. 159-175.

A later version appears here.


Checking Assumptions in Component Dynamics at the Architectural Level

Paola Inverardi, Alexander L. Wolf, and Daniel Yankelevich

A critical challenge faced by the developer of a software system is to understand whether the system's components correctly integrate. While type theory has provided substantial help in detecting and preventing errors in mismatched static properties, much work remains in the area of dynamics. In particular, components make assumptions about their behavioral interaction with other components, but currently we have only limited ways in which to state those assumptions and to analyze those assumptions for correctness.

We have begun to formulate a method that addresses this problem. The method operates at the architectural level so that behavioral integration errors, such as deadlock, can be revealed early in development. For each component, a specification is given both of its own interaction behavior and of the assumptions that it makes about the interaction behavior of the external context in which it expects to operate. We have defined an algorithm that, given such specifications for a set of components, performs ``adequacy'' checks between the component context assumptions and the component interaction behaviors. A configuration of a system is possible if and only if a successful way of ``matching'' actual behaviors with assumptions can be found. In effect, we are extending the usual notion of type checking to include the checking of behavioral compatibility.

Second International Conference on Coordination Models and Languages (COORD '97), Lecture Notes in Computer Science 1282, Springer, Berlin, 1997, pp. 46-63.

A later version appears here.

retrieve compressed Postscript


An Architecture for Post-Development Configuration Management in a Wide-Area Network

Richard S. Hall, Dennis Heimbigner, André van der Hoek, and Alexander L. Wolf

Few tools exist to address the post-development activities of configuring, releasing, installing, updating, reconfiguring, and even de-installing a software system. Certainly there is no unified approach for all of these activities, and none that can take full advantage of a wide-area network. The Software Dock represents an architecture for supporting post-development activities in such a setting. It is designed as a system of loosely-coupled, cooperating, distributed components that are bound together by a wide-area messaging and event system. In this paper we describe the Software Dock architecture and discuss the use of a prototype in deploying a complex system.

17th International Conference on Distributed Computing Systems, Baltimore, Maryland, May 1997, pp. 269-278.

retrieve compressed Postscript


Succeedings of the Second International Software Architecture Workshop

Alexander L. Wolf

Interest in software architecture as an area of research, education, and practice within software engineering has been growing steadily over the past decade. Software architecture is concerned with the principled study of large-grained software components, including their properties, relationships, and patterns of combination. It is becoming clear that one key to the effective development, operation, and evolution of software systems is the design and evaluation of appropriate architectures. As a complement to the Fourth Symposium on the Foundations of Software Engineering (FSE-4), whose theme was software architecture, the Second International Software Architecture Workshop (ISAW-2) brought together practitioners and researchers for two intense days of discussion and work. This paper summarizes the results of the workshop.

ACM SIGSOFT Software Engineering Notes, vol. 22, no. 1, January 1997, pp. 42-56.


Report from the NSF Workshop on Workflow and Process Automation in Information Systems

Amit Sheth, Dimitrios Georgakopoulos, Stef M.M. Joosten, Marek Rusinkiewicz, Walt Scacchi, Jack Wileden, and Alexander L. Wolf

An interdisciplinary research community needs to address challenging issues raised by applying workflow management technology in information systems. This conclusion results from the NSF workshop on Workflow and Process Automation in Information Systems which was held at the State Botanical Garden of Georgia during May 8-10, 1996. The workshop brought together active researchers and practitioners from several communities, with significant representation from database and distributed systems, software process and software engineering, and computer supported cooperative work. This report is the joint work of selected representatives from the workshop and it documents the results of significant group discussions and exchange of ideas.

ACM SIGSOFT Software Engineering Notes, vol. 22, no. 1, January 1997, pp. 28-38.


Software Testing at the Architectural Level

Debra J. Richardson and Alexander L. Wolf

This paper argues that with the advent of explicitly specified software architectures, testing can be done effectively at the architectural level. A software architecture specification provides a solid foundation for developing a plan for testing at this level. We propose several architecture-based test criteria based on the Chemical Abstract Machine model of software architecture. An architectural (integration) test plan, developed by applying a selection of these criteria, can be used to assess the architecture itself or to test the implementation's conformance with the architecture. This facilitates detecting defects earlier in the software lifecycle, enables leveraging software testing costs across multiple systems developed from the same architecture, and also leverages the effort put into developing a software architecture.

Second International Software Architecture Workshop (ISAW-2), San Francisco, California, October 1996, pp. 68-71.


Succeedings of the 8th International Workshop on Software Specification and Design

Jeff Kramer and Alexander L. Wolf

The 8th International Workshop on Software Specification and Design (IWSSD-8) was held at Schloss Velen, Germany, in March 1996. Like its predecessors, IWSSD-8 maintained the principle that the accepted papers should serve as background material for the workshop. Therefore, the workshop did not include formal paper presentations, but rather provided an opportunity to engage in real work, with intensive discussions focussed around major themes. Each theme was discussed in a separate working group directed by a Working Group Chair who organized their group members so as to discuss the research issues of that particular theme. This year the themes selected were Requirements Engineering, Design Engineering, Software Architecture, and Concurrency/Distribution. This paper summarizes the results of the workshop in general and the working group discussions in particular.

ACM SIGSOFT Software Engineering Notes, vol. 21, no. 5, September 1996, pp. 21-35.


Software in the Field Needs Process Too

Dennis Heimbigner and Alexander L. Wolf

10th International Software Process Workshop, Dijon, France, June 1996, pp. 71-73.

retrieve compressed Postscript


Semi-automatic, Self-adaptive Control of Garbage Collection Rates in Object Databases

Jonathan E. Cook, Artur W. Klauser, Alexander L. Wolf, and Benjamin G. Zorn

A fundamental problem in automating object database storage reclamation is determining how often to perform garbage collection. We show that the choice of collection rate can have a significant impact on application performance and that the ``best'' rate depends on the dynamic behavior of the application, tempered by the particular performance goals of the user. We describe two semi-automatic, self-adaptive policies for controlling collection rate that we have developed to address the problem. Using trace-driven simulations, we evaluate the performance of the policies on a test database application that demonstrates two distinct reclustering behaviors. Our results show that the policies are effective at achieving user-specified levels of I/O operations and database garbage percentage. We also investigate the sensitivity of the policies over a range of object connectivities. The evaluation demonstrates that semi-automatic, self-adaptive policies are a practical means for flexibly controlling garbage collection rate.
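 
A self-adaptive rate controller in the same spirit can be sketched as follows. This is not one of the policies evaluated in the paper, and the parameters are invented: after each interval, the collection rate is nudged up or down according to how far the observed garbage percentage is from a user-specified target.

    # Sketch of a feedback controller for garbage collection rate.
    # Illustrative only; the article's policies are more sophisticated.

    class RateController:
        def __init__(self, target_garbage_pct, rate=1.0, gain=0.05,
                     min_rate=0.1, max_rate=10.0):
            self.target = target_garbage_pct
            self.rate = rate          # collections per unit of work
            self.gain = gain
            self.min_rate, self.max_rate = min_rate, max_rate

        def adjust(self, observed_garbage_pct):
            # Collect more often when garbage exceeds the target,
            # less often when it falls below the target.
            error = observed_garbage_pct - self.target
            self.rate += self.gain * error
            self.rate = max(self.min_rate, min(self.max_rate, self.rate))
            return self.rate

    ctrl = RateController(target_garbage_pct=15.0)
    for pct in [25.0, 20.0, 14.0, 10.0]:
        print(round(ctrl.adjust(pct), 2))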

ACM SIGMOD International Conference on Management of Data, Montreal, Canada, June 1996, pp. 377-388.


Discovery and Validation of Processes

Jonathan E. Cook and Alexander L. Wolf

We are developing automated data analysis methods to help organizations understand, improve, and control their processes. The methods use process event data to reveal significant behavioral characteristics of processes. The two main areas we are addressing are process discovery and process validation. Process discovery uses event data to create formal models of processes that can be used to understand an organization's processes. Process validation uncovers discrepancies between an organization's intended processes and the processes actually followed. We have implemented prototype discovery and validation tools within a common event-data analysis framework called Balboa.

NSF Workshop on Workflow and Process Automation in Information Systems, Athens, Georgia, May 1996.

retrieve compressed Postscript


Language-Based Support for Metadata

John Doppke, Dennis Heimbigner, and Alexander L. Wolf

Metadata is spreading beyond its historical application area, database management systems, to areas such as distributed object programming, large-grained parallel scientific computation, and large-scale continuously running systems. We therefore see significant benefits in moving from the current ad hoc, application-specific mechanisms to a unifying and generalizing metadata model.

Our goal is to develop packages and tools to support the development and use of metadata. Our approach is to exploit the power of language-processing technology to capture the range of metadata complexities conveniently and uniformly. In essence, we are creating a generic ``metamodel'' representation scheme that can be specialized to particular metadata applications. We have built a prototype, called CRIME, that demonstrates our ideas in the application area of distributed object technology.

First IEEE Metadata Conference, Silver Spring, Maryland, April 1996.

retrieve compressed Postscript


A Facilitator Method for Upstream Design Activities with Diverse Stakeholders

Regina M. Gonzales and Alexander L. Wolf

This paper presents a method that can be used for the elicitation and specification of requirements and high-level design. It supports stakeholder-based modeling, rapid feasibility feedback to marketing, and the interpersonal dynamics that are necessary to develop a product. The method centers on the role of the "facilitator", an independent agent whose purpose is to build the Integrated System Model (ISM). The ISM is the product of merging the independent system views from all stakeholders at any given abstraction level. Formulation of this method was based on the real-world experience of developing a complex, high-technology medical product with critical time-to-market pressures. It has proven to be a practical approach to the evolution of requirements definition and provides a necessary link to the marketing aspect of a product.

1996 International Conference on Requirements Engineering, Colorado Springs, Colorado, April 1996, pp. 190-197.

retrieve compressed Postscript


A Generic, Peer-to-Peer Repository for Distributed Configuration Management

André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf

Distributed configuration management is intended to support the activities of projects that span multiple sites. NUCM is a testbed that we are developing to help us explore the issues of distributed configuration management. NUCM separates configuration management repositories (i.e., the stores for versions of artifacts) from configuration management policies (i.e., the procedures by which the versions are manipulated) by providing a generic model of a distributed repository and an associated programmatic interface. This paper describes the model and the interface, presents an initial repository distribution mechanism, and sketches how NUCM can be used to implement two, rather different, configuration management policies, namely check-in/check-out and change sets.
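 
To make the policy/repository separation concrete, here is a minimal sketch of a check-in/check-out policy layered over a generic versioned-artifact store. The interface is an assumption made for illustration, not NUCM's actual programmatic interface.

    # Sketch of a CM policy layered over a generic versioned repository.
    # The interface below is an assumption, not NUCM's real API.

    class Repository:
        """Generic store of artifact versions, policy-neutral."""
        def __init__(self):
            self.versions = {}   # name -> list of version contents

        def store(self, name, content):
            self.versions.setdefault(name, []).append(content)
            return len(self.versions[name]) - 1     # new version number

        def retrieve(self, name, version=-1):
            return self.versions[name][version]

    class CheckInCheckOutPolicy:
        """One possible CM policy built on the generic repository."""
        def __init__(self, repo):
            self.repo = repo
            self.locks = {}

        def checkout(self, name, user):
            if self.locks.get(name) not in (None, user):
                raise RuntimeError(f"{name} is locked by {self.locks[name]}")
            self.locks[name] = user
            return self.repo.retrieve(name)

        def checkin(self, name, user, content):
            if self.locks.get(name) != user:
                raise RuntimeError(f"{user} has not checked out {name}")
            version = self.repo.store(name, content)
            del self.locks[name]
            return version

    repo = Repository()
    repo.store("main.c", "v0 contents")
    policy = CheckInCheckOutPolicy(repo)
    policy.checkout("main.c", "alice")
    print(policy.checkin("main.c", "alice", "v1 contents"))   # -> 1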

18th International Conference on Software Engineering, Berlin, Germany, March 1996, pp. 308-317.

A later version appears here.

retrieve compressed Postscript


Post-Deployment Configuration Management

Dennis Heimbigner and Alexander L. Wolf

Configuration management must move beyond its traditional development-time concerns with source files. Future software systems will be delivered in binary form and will be composed from pre-existing systems. The term Post-Deployment Configuration Management is proposed to address the problems introduced in managing these new kinds of versioned configurations.

6th International Workshop on Software Configuration Management, Lecture Notes in Computer Science 1167, Springer-Verlag, Berlin, 1996, pp. 272-276.

retrieve compressed Postscript


Generating Testing and Analysis Tools with Aria

Premkumar T. Devanbu, David S. Rosenblum, and Alexander L. Wolf

Many software testing and analysis tools manipulate graph representations of programs, such as abstract syntax trees or abstract semantics graphs. Handcrafting such tools in conventional programming languages can be difficult, error prone, and time consuming. Our approach is to use application generators targeted for the domain of graph-representation-based testing and analysis tools. Moreover, we generate the generators themselves, so that the development of tools based on different languages and/or representations can also be supported better. In this article we report on our experiences in developing and using a system called Aria that generates testing and analysis tools based on an abstract semantics graph representation for C and C++ called Reprise. Aria itself was generated by the Genoa system. We demonstrate the utility of Aria and, thereby, the power of our approach, by showing Aria's use in the development of a number of useful testing and analysis tools.

ACM Transactions on Software Engineering and Methodology, vol. 5, no. 1, January 1996, pp. 42-62.


Formal Specification and Analysis of Software Architectures Using the Chemical Abstract Machine Model

Paola Inverardi and Alexander L. Wolf

We are exploring an approach to formally specifying and analyzing software architectures that is based on viewing software systems as chemicals whose reactions are controlled by explicitly stated rules. This powerful metaphor was devised in the domain of theoretical computer science by Banatre and Le Metayer and then reformulated as the Chemical Abstract Machine, or CHAM, by Berry and Boudol. The CHAM formalism provides a framework for developing operational specifications that does not bias the described system toward any particular computational model and that encourages the construction and use of modular specifications at different levels of detail. We illustrate the use of the CHAM for architectural description and analysis by applying it to two different architectures for a simple, but familiar, software system, the multiphase compiler.

IEEE Transactions on Software Engineering, vol. 21, no. 4, April 1995, pp. 373-386.


Automating Process Discovery through Event-Data Analysis

Jonathan E. Cook and Alexander L. Wolf

Many software process methods and tools presuppose the existence of a formal model of a process. Unfortunately, developing a formal model for an on-going, complex process can be difficult, costly, and error prone. This presents a practical barrier to the adoption of process technologies. The barrier would be lowered by automating the creation of formal models. We are currently exploring techniques that can use basic event data captured from an on-going process to generate a formal model of process behavior. We term this kind of data analysis "process discovery". This paper describes and illustrates three methods with which we have been experimenting: algorithmic grammar inference, Markov models, and neural networks.

17th International Conference on Software Engineering, Seattle, Washington, April 1995, pp. 373-386.

A later version appears here.


Does Configuration Management Research Have a Future?

André van der Hoek, Dennis Heimbigner, and Alexander L. Wolf

In this position paper we raise the question of whether Configuration Management (CM) research has a future. The new standard in CM systems -- typified by commercial products such as Adele, ADC, ClearCase, Continuus/CM, and CCC/Harvest -- largely satisfies the CM functionality requirements posed by Dart. This implies that research in the area of CM is either unnecessary or that we must find new challenges in CM on which to focus. We believe that these challenges indeed exist. Here we present some areas that we feel are good opportunities for new or continued CM research, and therefore conclude that CM research does have a future.

5th International Workshop on Software Configuration Management, Lecture Notes in Computer Science 1005, Springer-Verlag, Berlin, 1995, pp. 305-309.

retrieve compressed Postscript


Toward Metrics for Process Validation

Jonathan E. Cook and Alexander L. Wolf

To a great extent, the usefulness of a formal model of a software process lies in its ability to accurately predict the behavior of the executing process. Similarly, the usefulness of an executing process lies largely in its ability to fulfill the requirements embodied in a formal model of the process. When process models and process executions diverge, something significant is happening. We are developing techniques for uncovering discrepancies between models and executions under the rubric of "process validation". Further, we are developing metrics for process validation that give engineers a feel for the severity of the discrepancy. We view the metrics presented here as a first step toward a suite of useful metrics for process validation.
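 
One simple discrepancy measure in this spirit can be sketched as follows; it is not necessarily one of the metrics proposed in the paper, and the "model" here is reduced to a reference event sequence. The edit distance between the event sequence the executing process actually produced and the sequence the model prescribes gives a rough measure of how far the execution has diverged.

    # Sketch of a discrepancy metric between a process model and an execution.
    # Here the "model" is just a reference event sequence; the paper's
    # metrics are defined against richer process models.

    def edit_distance(a, b):
        """Minimum number of insertions, deletions, and substitutions."""
        d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
        for i in range(len(a) + 1):
            d[i][0] = i
        for j in range(len(b) + 1):
            d[0][j] = j
        for i in range(1, len(a) + 1):
            for j in range(1, len(b) + 1):
                cost = 0 if a[i - 1] == b[j - 1] else 1
                d[i][j] = min(d[i - 1][j] + 1,         # deletion
                              d[i][j - 1] + 1,         # insertion
                              d[i - 1][j - 1] + cost)  # substitution
        return d[len(a)][len(b)]

    modeled  = ["edit", "review", "test", "checkin"]
    observed = ["edit", "test", "checkin", "checkin"]
    print(edit_distance(modeled, observed))   # severity of the discrepancy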

Third International Conference on the Software Process, Reston, Virginia, October 1994, pp. 33-44.

A later version appears here.

retrieve compressed Postscript


Partition Selection Policies in Object Database Garbage Collection

Jonathan E. Cook, Alexander L. Wolf, and Benjamin G. Zorn

The automatic reclamation of storage for unreferenced objects is very important in object databases. Existing language system algorithms for automatic storage reclamation have been shown to be inappropriate. In this paper, we investigate methods to improve the performance of algorithms for automatic storage reclamation of object databases. These algorithms are based on a technique called partitioned garbage collection, in which a subset of the entire database is collected independently of the rest. Specifically, we investigate the policy that is used to select what partition in the database should be collected. The policies that we propose and investigate are based on the intuition that the values of overwritten pointers provide good hints about where to find garbage. Using trace-driven simulation, we show that one of our policies requires less I/O to collect more garbage than any existing implementable policy and performs close to a near-optimal policy over a wide range of database sizes and object connectivities.

SIGMOD 1994 International Conference on Management of Data, Minneapolis, Minnesota, May 1994, pp. 371-382.

A later version appears here.


Automated Construction of Testing and Analysis Tools

Premkumar T. Devanbu, David S. Rosenblum, and Alexander L. Wolf

Many software testing and analysis tools manipulate graph representations of programs, such as abstract syntax trees or abstract semantics graphs. Hand-crafting such tools in conventional programming languages can be difficult, error prone, and time consuming. Our approach is to use application generators targeted for the domain of graph-representation-based testing and analysis tools. Moreover, we generate the generators themselves, so that the development of tools based on different languages and/or representations can also be supported better. In this paper we report on our experiences in developing a system called Aria that generates testing and analysis tools based on an abstract semantics graph representation for C and C++ called Reprise. Aria itself was generated by the Genoa system. We demonstrate the utility of Aria and, thereby, the power of our approach, by showing Aria's use in the development of a tool that derives control dependence graphs directly from Reprise abstract semantics graphs.

16th International Conference on Software Engineering, Sorrento, Italy, May 1994, pp. 241-250.

A later version appears here.

retrieve compressed Postscript


Software Configuration Management

Alexander L. Wolf

This file contains slides from an invited talk on the state of the art in software configuration management presented at the 16th International Conference on Software Engineering, Sorrento, Italy, May 1994.

retrieve compressed Postscript


Semantic Synchronization in a Persistent Object System Library

Andrea H. Skarra, Naser S. Barghouti, and Alexander L. Wolf

This paper describes a synchronization scheme that exploits the semantics of collections and indexes to improve concurrency in a persistent object system library. The library implements a common execution model in which data (rather than operations) are shipped between a transaction and the database at a granularity no smaller than an object. The paper describes the impact of the execution model on the extent to which semantics can be used in synchronization, and it develops several techniques that yield higher concurrency levels in this common, though restrictive, model. Finally, it examines the process and tradeoffs involved in designing a semantic synchronization protocol.

Sixth International Workshop on Persistent Object Systems (POS6), Tarascon, France, September 1994, pp. 129-146.

retrieve compressed Postscript


Process-Centered Environments (Only) Support Environment-Centered Processes

Alexander L. Wolf and David S. Rosenblum

The software process research community has concentrated a large measure of its effort on the problem of how to ``computerize'' the software process. In particular, the notion of a process-centered environment has emerged, dominating software environment research for the past several years. Among the many benefits touted for process-centered environments are the ability to automate various aspects of a process and the ability to monitor the progress of a process in order to guide, enforce, or measure that process. This approach has shown great promise and indeed has even shown some early successes. Unfortunately, this emphasis on computerization in general, and on process-centered environments in particular, tends to focus attention on exactly those aspects of process that can be computerized, while giving short shrift to those aspects not amenable to computerization.

Eighth International Software Process Workshop, Wadern, Germany, March 1993, pp. 148-149.

retrieve compressed Postscript


A Study in Software Process Capture and Analysis

Alexander L. Wolf and David S. Rosenblum

Process data capture is the activity of obtaining information about an existing software process. Process analysis is the manipulation of that information for purposes of problem identification. Capture and analysis are key elements in any strategy for software process improvement. We have developed a model of the software process that is based on a notion of events characterizing identifiable, instantaneous milestones in a process. We have also developed capture and analysis techniques suited to that model. This paper reports on a study that was undertaken to gain experience with both the model and the capture and analysis techniques. In that study, we captured event data on several actual enactments of the build process of a large, complex software project within AT&T. We entered the captured event data into a database and ran several queries against the data. The queries implement a variety of analyses on the event data by examining relationships among events, such as dependencies and time intervals. The output of the queries is statistical data that can be used to guide the design of process improvements. While the data we collected in the study are incomplete, our initial results demonstrate the viability of this approach to capture and analysis.

Second International Conference on the Software Process, Berlin, Germany, February 1993, pp. 115-124.

retrieve compressed Postscript


Issues Encountered in Building a Flexible Software Development Environment: Lessons from the Arcadia Project

R. Kadia (pseudonym for several authors, including Alexander L. Wolf)

This paper presents some of the more significant technical lessons that the Arcadia project has learned about developing effective software development environments. The principal components of the Arcadia-1 architecture are capabilities for process definition and execution, object management, user interface development and management, measurement and evaluation, language processing, and analysis and testing. In simultaneously and cooperatively developing solutions in these areas we learned several key lessons. Among them: the need to combine and apply heterogeneous componentry, multiple techniques for developing components, the pervasive need for rich type models, the need for supporting dynamism (and at what granularity), the role and value of concurrency, and the role and various forms of event-based control integration mechanisms. These lessons are explored in the paper.

SIGSOFT '92: Fifth Symposium on Software Development Environments, Washington, DC, December 1992, pp. 169-180.


Foundations for the Study of Software Architecture

Dewayne E. Perry and Alexander L. Wolf

The purpose of this paper is to build the foundation for software architecture. We first develop an intuition for software architecture by appealing to several well-established architectural disciplines. On the basis of this intuition, we present a model of software architecture that consists of three components: elements, form, and rationale. Elements are either processing, data, or connecting elements. Form is defined in terms of the properties of, and the relationships among, the elements -- that is, the constraints on the elements. The rationale provides the underlying basis for the architecture in terms of the system constraints, which most often derive from the system requirements. We discuss the components of the model in the context of both architectures and architectural styles and present an extended example to illustrate some important architecture and style considerations. We conclude by presenting some of the benefits of our approach to software architecture, summarizing our contributions, and relating our approach to other current work.

ACM SIGSOFT Software Engineering Notes, vol. 17, no. 4, October 1992, pp. 40-52.

Winner of a 2011 ACM SIGSOFT Impact Award.


Specification-Level Interoperability

Jack C. Wileden, Alexander L. Wolf, William R. Rosenblatt, and Peri L. Tarr

Support for interoperability is becoming increasingly important with the advent of more and larger evolving, heterogeneous computing systems. By interoperability we mean the ability of two or more programs to communicate or work together despite having been written in different languages or language dialects. Frequently, interoperability also implies communication between two or more different execution domains, which may range from different run-time support systems within a single processor to physically distinct processors within a distributed computing system.

Communications of the ACM, vol. 34, issue 5, May 1991, pp. 72-87.


Representing Semantically Analyzed C++ Code with Reprise

David S. Rosenblum and Alexander L. Wolf

A prominent stumbling block in the spread of the C++ programming language has been a lack of programming and analysis tools to aid development and maintenance of C++ systems. One way to make the job of tool developers easier and to increase the quality of the tools they create is to factor out the common components of tools and provide the components as easily (re)used building blocks. Those building blocks include lexical, syntactic, and semantic analyzers, tailored database derivers, code annotators and instrumentors, and code generators. From these building blocks, tools such as structure browsers, data-flow analyzers, program/specification verifiers, metrics collectors, compilers, interpreters, and the like can be built more easily and cheaply. We believe that for C++ programming and analysis tools the most primitive building blocks are centered around a common representation of semantically analyzed C++ code.

In this paper we describe such a representation, called Reprise (REPResentation Including SEmantics). The conceptual model underlying Reprise is based on the use of expressions to capture all semantic information about both the C++ language and code written in C++. The expressions can be viewed as forming a directed graph, where there is an explicit connection from each use of an entity to the declaration giving the semantics of that entity. We elaborate on this model, illustrate how various features of C++ are represented, discuss some categories of tools that would create and manipulate Reprise representations, and briefly describe our current implementation. This paper is not intended to provide a complete definition of Reprise. Rather, its purpose is to introduce at a high level the basic approach we are taking in representing C++ code.

Third C++ Technical Conference, Washington, DC, April 1991, pp. 119-134.

retrieve compressed Postscript


A Comparative Evaluation of Object Definition Techniques for Large Prototype Systems

Jack C. Wileden, Lori A. Clarke, and Alexander L. Wolf

Although prototyping has long been touted as a potentially valuable software engineering activity, it has never achieved widespread use by developers of large-scale, production software. This is probably due in part to an incompatibility between the languages and tools traditionally available for prototyping (e.g., LISP or Smalltalk) and the needs of large-scale-software developers, who must construct and experiment with large prototypes. The recent surge of interest in applying prototyping to the development of large-scale, production software will necessitate improved prototyping languages and tools appropriate for constructing and experimenting with large, complex prototype systems. We explore techniques aimed at one central aspect of prototyping that we feel is especially significant for large prototypes, namely that aspect concerned with the definition of data objects. We characterize and compare various techniques that might be useful in defining data objects in large prototype systems, after first discussing some distinguishing characteristics of large prototype systems and identifying some requirements that they imply. To make the discussion more concrete, we describe our implementations of three techniques that represent different possibilities within the range of object definition techniques for large prototype systems.

ACM Transactions on Programming Languages and Systems, vol. 12, no. 4, October 1990, pp. 670-699.


OROS: Towards a Type Model for Software Development Environments

William R. Rosenblatt, Jack C. Wileden, and Alexander L. Wolf

Three important goals of next generation software development environments (SDEs) are extensibility, integration and broad scope. Our work on OROS is predicated on the hypothesis that a type model, incorporated into an environment's object manager, can contribute to achieving those goals. This paper reports on an attempt at applying object-oriented typing concepts in the domain of software development environments. We believe that the result is a type model that has properties of interest both to software environment builders and also to builders and users of object-oriented systems in general.

Object Oriented Programming Systems Languages and Applications (OOPSLA '89), New Orleans, Louisiana, October 1989, pp. 297-304.


The AdaPIC Tool Set: Supporting Interface Control and Analysis Throughout the Software Development Process

Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden

The AdaPIC tool set, an important component of an Ada software development environment, is discussed. The AdaPIC tool set is one particular instantiation, specifically adapted for use with Ada, of the more general collection of language features and analysis capabilities that constitute the PIC approach to describing and analyzing relationships among software system components. This tool set is being tailored to support an incremental approach to the interface control aspects of the software development process. Following a discussion of the PIC interface control and incremental development concepts, the AdaPIC tool set is described, concentrating on its analysis tools and support for incremental development and demonstrating how it contributes to the technology for developing large Ada software systems.

IEEE Transactions on Software Engineering, vol. 15, no. 3, March 1989, pp. 250-263.


PGRAPHITE: An Experiment in Persistent Typed Object Management

Jack C. Wileden, Alexander L. Wolf, Charles D. Fisher, and Peri L. Tarr

Defining, creating, and manipulating persistent typed objects will be central activities in future software environments. PGRAPHITE is a working prototype through which we are exploring the requirements for the persistent object capability of an object management system in the Arcadia software environment. PGRAPHITE represents both a set of abstractions that define a model for dealing with persistent objects in an environment and a set of implementation strategies for realizing that model. PGRAPHITE currently provides a type definition mechanism for one important class of types, namely directed graphs, and the automatic generation of Ada implementations for the defined types, including their persistence capabilities. We present PGRAPHITE, describe and motivate its model of persistence, outline the implementation strategies that it embodies, and discuss some of our experience with the current version of the system.

SIGSOFT '88: Third Symposium on Software Development Environments, Boston, Massachusetts, November 1988, pp. 130-142.

Winner of the Best Paper Award.


Foundations for the Arcadia Environment Architecture

Richard N. Taylor, Frank C. Belz, Lori A. Clarke, Leon J. Osterweil, Richard W. Selby, Jack C. Wileden, Alexander L. Wolf, and Michael Young

Early software environments have supported a narrow range of activities (programming environments) or else been restricted to a single "hard-wired" software development process. The Arcadia research project is investigating the construction of software environments that are tightly integrated, yet flexible and extensible enough to support experimentation with alternative software processes and tools. This has led us to view an environment as being composed of two distinct, cooperating parts. One is the variant part, consisting of process programs and the tools and objects used and defined by those programs. The other is the fixed part, or infrastructure, supporting creation, execution, and change to the constituents of the variant part. The major components of the infrastructure are a process programming language and interpreter, object management system, and user interface management system. Process programming facilitates precise definition and automated support of software development and maintenance activities. The object management system provides typing, relationships, persistence, distribution and concurrency control capabilities. The user interface management system mediates communication between human users and executing processes, providing pleasant and uniform access to all facilities of the environment. Research in each of these areas and the interaction among them is described.

SIGSOFT '88: Third Symposium on Software Development Environments, Boston, Massachusetts, November 1988, pp. 1-13.


Facilitating Process Prototyping by Controlling the Impact of Change

Jack C. Wileden, Lori A. Clarke, and Alexander L. Wolf

The UMass Software Development Laboratory (SDL), in collaboration with our colleagues in the Arcadia consortium, is working toward the development of advanced software environments. An important goal of this work is to support research on software processes. It is increasingly clear that such research must be based on experimental, exploratory, prototyping activities. It is equally clear that process prototyping will require a corresponding ability to rapidly produce and easily modify prototype software environments. As a result, one important element of SDL's environment research has been the development of appropriate tools and techniques to facilitate environment prototyping.

4th International Software Process Workshop, Devon, England, May 1988, pp. 163-166.


A Model of Visibility Control

Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden

A formal model for describing and evaluating visibility control mechanisms is introduced. The model reflects a general view of visibility in which the concepts of requisition of access and provision of access are distinguished. This model provides a means for characterizing and reasoning about the various properties of visibility control mechanisms. Specifically, the notion of preciseness is defined. The utility of the model is illustrated by using it to evaluate and compare the relative strengths and weaknesses, with respect to preciseness, of the visibility control mechanisms found in Algol 60, Ada, Gypsy, and an approach called PIC, which specifically addresses the concerns of visibility control in large software systems.

IEEE Transactions on Software Engineering, vol. 14, no. 4, April 1988, pp. 512-520.


Interface Control and Incremental Development in the PIC Environment

Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden

The PIC environment is designed to provide support for interface control that facilitates incremental development of a software system. Interface control, the description and analysis of relationships among system components, is important from the earliest stages of the software development process right through to the implementation and maintenance stages. Incremental development, wherein a software system is produced through a sequence of relatively small steps and progress may be rigorously and thoroughly assessed after each step, must be accommodated by any realistic model of the software development process. This paper focuses on the analysis component of the PIC environment and demonstrates how it contributes to precise interface control capabilities while supporting an incremental software development process.

8th International Conference on Software Engineering, London, England, August 1985, pp. 75-82.

A later version appears here.


Ada-Based Support for Programming-in-the-Large

Alexander L. Wolf, Lori A. Clarke, and Jack C. Wileden

Specialized language features and an integrated set of tools can help developers of a large software system describe, analyze, organize, and manage its many modules. We are developing an environment, based upon Ada, for programming-in-the-large. This environment relies upon a small number of specialized language features and an integrated set of tools; both have been carefully tailored to support incremental development and apply to all phases of the software life cycle.

IEEE Software, vol. 2, no. 2, March 1985, pp. 58-71.


Nesting in Ada Programs is for the Birds

Lori A. Clarke, Jack C. Wileden, and Alexander L. Wolf

Given a data abstraction construct like the Ada package and in light of current thoughts on programming methodology, we feel that nesting is an anachronism. In this paper we propose a nest-free program style for Ada that eschews nested program units and declarations within blocks and instead heavily utilizes packages and context specifications as mechanisms for controlling visibility. We view this proposal as a first step toward the development of programming methods that exploit the novel language features available in Ada. Consideration of this proposal's ramifications for data flow, control flow, and overall program structure substantiates our contention that a tree structure is seldom a natural representation of a program and that nesting therefore generally interferes with program development and readability.
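
As a rough illustration of the proposed style (not an example drawn from the paper, and with names invented here), a nest-free Ada sketch keeps each abstraction at the library level and grants visibility through a context specification rather than by nesting one unit inside another:

    --  symbol_tables.ads -- library-level package (body omitted for brevity)
    package Symbol_Tables is
       procedure Insert (Name : String);
       function Contains (Name : String) return Boolean;
    end Symbol_Tables;

    --  compiler_front_end.adb -- client unit; the "with" clause is the
    --  context specification that makes Symbol_Tables visible here
    with Symbol_Tables;
    procedure Compiler_Front_End is
    begin
       Symbol_Tables.Insert ("main");
    end Compiler_Front_End;

In the nested alternative the paper argues against, Symbol_Tables would instead be declared inside Compiler_Front_End, tying the abstraction to a single client and deepening the program's tree structure.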

ACM-SIGPLAN Symposium on the Ada Programming Language, Boston, Massachusetts, December 1980, pp. 139-145.

