Skip to main content
SpringerLink
Log in

The KlaperSuite framework for model-driven reliability analysis of component-based systems

  • Theme Section Paper
  • Published:
Software & Systems Modeling Aims and scope Submit manuscript

Abstract

Automatic prediction tools play a key role in enabling the application of non-functional requirements analysis, to simplify the selection and the assembly of components for component-based software systems, and in reducing the need for strong mathematical skills for software designers. By exploiting the paradigm of Model-Driven Engineering (MDE), it is possible to automatically transform design models into analytical models, thus enabling formal property verification. MDE is the core paradigm of the KlaperSuite framework presented in this paper, which exploits the KLAPER pivot language to fill the gap between design and analysis of component-based systems for reliability properties. KlaperSuite is a family of tools empowering designers with the ability to capture and analyze quality of service views of their systems, by building a one-click bridge towards a number of established verification instruments. In this article, we concentrate on the reliability-prediction capabilities of KlaperSuite and we evaluate them with respect to several case studies from literature and industry.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Notes

  1. Some details (e.g., the attributes of the meta-classes) have been omitted for clarity and space reasons.

  2. The framework can be downloaded from http://home.dei.polimi.it/filieri/tools2011.

  3. http://www.icsa.inf.ed.ac.uk/research/groups/hase/simjava/.

  4. http://www.q-impress.eu.

References

  1. Aleti, A., Bjornander, S., Grunske, L., Meedeniya, I.: Archeopterix: an extendable tool for architecture optimization of aadl models. In: MOMPES. IEEE, New York (2009)

  2. Alur, R., Henzinger, T.A.: Reactive modules. Formal Methods Syst. Des. 15(1), 7–48 (1999)

    Article  MathSciNet  Google Scholar 

  3. Atkinson, C., Kühne, T.: Model-driven development: a metamodeling foundation. IEEE Softw. 20(5), 36–41 (2003)

    Article  Google Scholar 

  4. Balsamo, S., Di Marco, A., Inverardi, P., Simeoni, M.: Model-based performance prediction in software development: a survey. IEEE Trans. Softw. Eng. 30(5), 295–310 (2004)

    Article  Google Scholar 

  5. Becker, S., Koziolek, H., Reussner, R.: Model-based performance prediction with the palladio component model. In: WOSP, pp. 54–65. ACM, New York (2007)

  6. Becker, S., Koziolek, H., Reussner, R.: The Palladio component model for model-driven performance prediction. J. Syst. Softw. 82(1), 3–22 (2009)

    Article  Google Scholar 

  7. Bézivin, J., Pierantonio, A., Vallecillo, A., Gray, J.: Guest editorial to the special section on model transformation. Softw. Syst. Model. 8(3), 303–304 (2009)

    Article  Google Scholar 

  8. Bures, T., Carlson, J., Crnkovic, I., Sentilles, S., Vulgarakis, A.: Procom—the progress component model reference manual, version 1.0. Technical Report MHD-MRTC-230/2008-1-SE, Malardalen University (2008)

  9. Canfora, G., Di Penta, M., Esposito, R., Villani, M.L.: An approach for qos-aware service composition based on genetic algorithms. In: GECCO. ACM, New York (2005)

  10. Cheung, L., Roshandel, R., Medvidovic, N., Golubchik, L.: Early prediction of software component reliability. In: ICSE, pp. 111–120. ACM, New York (2008)

  11. Cheung, R.C.: A user-oriented software reliability model. IEEE Trans. Softw. Eng. 6(2), 118–125 (1980)

    Article  MATH  Google Scholar 

  12. Ciancone, A., Filieri, A., Drago, M.L., Mirandola, R., Grassi, V.: Klapersuite: an integrated model-driven environment for reliability and performance analysis of component-based systems. In: Bishop, J., Vallecillo, A. (eds.) Objects, Models, Components, Patterns. Lecture Notes in Computer Science, vol. 6705, pp. 99–114. Springer, Berlin (2011)

  13. Cortellessa, V., Martens, A., Reussner, R., Trubiani, C.: A process to effectively identify “guilty” performance antipatterns. In: FASE (2010)

  14. Cortellessa, V., Singh, H., Cukic, B.: Early reliability assessment of uml based software models. In: WOSP ’02: Proceedings of the 3rd International Workshop on Software and Performance, pp. 302–309. ACM, New York (2002)

  15. Crnkovic, I.: Building Reliable Component-Based Software Systems. Artech House Inc, USA (2002)

  16. Czarnecki, K., Helsen, S.: Feature-based survey of model transformation approaches. IBM Syst. J. 45(3), 621–646 (2006)

    Article  Google Scholar 

  17. Drago, M.L., Ghezzi, C., Mirandola, R.: Towards quality driven exploration of model transformation spaces. In: MoDELS, pp. 2–16. ACM, New York (2011)

  18. Efftinge, S., Kadura, C.: Openarchitectureware 4.1 xpand language reference (2006)

  19. Etessami, K., Yannakakis, M.: Recursive markov chains, stochastic grammars, and monotone systems of nonlinear equations. In: STACS. LNCS, vol. 3404, pp. 340–352. Springer, Berlin (2005)

  20. Filieri, A., Ghezzi, C., Tamburrelli, G.: A formal approach to adaptive software: continuous assurance of non-functional requirements. Formal Aspects Comput. 24, 163–186 (2012)

    Google Scholar 

  21. France, R.B., Rumpe, B.: Model-driven development of complex software: a research roadmap. In: FOSE, pp. 37–54. IEEE Computer Society, New York (2007)

  22. Swapna, S.G.: Architecture-based software reliability analysis: overview and limitations. IEEE Trans. Dependable Secure Comput. 4(1), 32–40 (2007)

    Article  Google Scholar 

  23. Swapna, S.G., Trivedi, K.S.: Reliability prediction and sensitivity analysis based on software architecture. In: Proceedings of the International Symposium on Software Reliability Engineering (ISSRE’02), pp. 64–78. IEEE Computer Society, New York (2002)

  24. Goseva-Popstojanova, K., Hamill, M., Perugupalli, R.: Large empirical case study of architecture-based software reliability. In: ISSRE, pp. 43–52. IEEE Computer Society, New York (2005)

  25. Goseva-Popstojanova, K., Hassan, A., Guedem, A., Abdelmoez, W., Nassar, D.E.M., Ammar, H., Mili, A.: Architectural-level risk analysis using uml. IEEE Trans. Softw. Eng. 29(10), 946–960 (2003)

    Article  Google Scholar 

  26. Goseva-Popstojanova, K., Trivedi, K.S.: Architecture-based approach to reliability assessment of software systems. Perf. Eval. 45(2–3), 179–204 (2001)

    Google Scholar 

  27. Grassi, V., Mirandola, R., Randazzo, E.: Model-driven assessment of qos-aware self-adaptation. In: Software Engineering for Self-Adaptive Systems. LNCS. vol. 5525, pp. 201–222. Springer, Berlin (2009)

  28. Grassi, V., Mirandola, R., Randazzo, E., Sabetta, A.: Klaper: An intermediate language for model-driven predictive analysis of performance and reliability. In: CoCoME. LNCS, vol. 5153, pp. 327–356 (2007)

  29. Grassi, V., Mirandola, R., Sabetta, A.: Filling the gap between design and performance/reliability models of component-based systems: a model-driven approach. J. Syst. Softw. 80(4), 528–558 (2007)

    Article  Google Scholar 

  30. Object Management Group: Qvt 1.0 specification. http://www.omg.org/spec/QVT/1.0/ (2008)

  31. Gu, G.P., Petriu, D.C.: From uml to lqn by xml algebra-based model transformations. In: WOSP, pp. 99–110. ACM, New York (2005)

  32. Hinton, A., Kwiatkowska, M.Z., Norman, G., Parker, D.: Prism: a tool for automatic verification of probabilistic systems. In: TACAS. LNCS, vol. 3920, pp. 441–444. Springer, Berlin (2006)

  33. Horgan, J.R., Mathur, A.P.: Software testing and reliability. In: Handbook of software reliability engineering, chapter 13. McGraw-Hill, NY (1996)

  34. Immonen, A., Niemelä, E.: Survey of reliability and availability prediction methods from the viewpoint of software architecture. Softw. Syst. Model. 7, 49–65 (2008)

    Article  Google Scholar 

  35. Jackson, E.K., Kang, E., Dahlweid, M., Seifert, D., Santen, T.: Components, platforms and possibilities: towards generic automation for MDA. In: EMSOFT. ACM, New York (2010)

  36. Jouault, F., Allilaire, F., Bézivin, J., Kurtev, I.: Atl: a model transformation tool. Sci. Comput. Program. 72(1–2), 31–39 (2008)

    Article  MATH  Google Scholar 

  37. Koziolek, H.: Performance evaluation of component-based software systems: a survey. Perform. Eval. 67(8), 634–658 (2010)

    Article  Google Scholar 

  38. Koziolek, H., Reussner, R.: A model-transformation from the Palladio component model to layered queueing networks. In: SIPEW. LNCS, vol. 5119, pp. 58–78. Springer, Berlin (2008)

  39. Koziolek, H., Schlich, B., Bilich, C.: A large-scale industrial case study on architecture-based software reliability analysis. In: ISSRE, pp. 279–288. IEEE Computer Society, New York (2010)

  40. Lazowska, E.D., Zahorjan, J., Graham, G.S., Sevcik, K.C.: Quantitative System Performance: Computer System Analysis Using Queueing Network Models. Prentice Hall, Englewood (1984)

    Google Scholar 

  41. Lyu, M.R. (ed.): Handbook of software reliability engineering. McGraw-Hill Inc, Hightstown (1996)

    Google Scholar 

  42. Lyu, M.R.: Software reliability engineering: a roadmap. In: FOSE, pp. 153–170 (2007)

  43. Martens, A., Koziolek, H., Becker, S., Reussner, R.: Automatically improve software architecture models for performance, reliability, and cost using evolutionary algorithms. In: WOSP/SIPEW, pp. 105–116. ACM Press, New York (2010)

  44. McGregor, J.D., Bachmann, F., Bass, L., Bianco, P., Klein, M.: Using arche in the classroom: one experience. Technical Report SEI-2007-TN-001, CMU (2007)

  45. Miller, K.W., Morell, L.J., Noonan, R.E., Park, S.K., Nicol, D.M., Murrill, B.W., Voas, J.M.: Estimating the probability of failure when testing reveals no failures. IEEE Trans. Softw. Eng. 18(1), 33–43 (1992)

    Article  Google Scholar 

  46. Mirandola, R., Trubiani, C.: A deep investigation for qos-based feedback at design time and runtime. In: ICECCS, pp. 2–16. IEEE, New York (2011)

  47. Neema, S., Sztipanovits, J., Karsai, G., Butts, K.: Constraint-based design-space exploration and model synthesis. In: EMSOFT. Springer, Berlin (2003)

  48. Object Management Group (OMG): System modeling language 1.2. http://www.omgsysml.org/ (2010)

  49. Object Management Group (OMG): Unified modeling language (uml) 2.3, superstructure. http://www.omg.org/spec/UML/2.3 (2010)

  50. Palladio: The software architecture simulator. http://www.palladio-simulator.com/

  51. Parsons, T.: A framework for detecting performance design and deployment antipatterns in component based enterprise systems. In: DSM. ACM, New York (2005)

  52. Perez-Palacin, D., Mirandola, R., Merseguer, J., Grassi, V.: Qos-based model driven assessment of adaptive reactive systems. In: ICST Workshops, pp. 299–308. IEEE Computer Society, New York (2010)

  53. Petri, C.A.: Kommunikation mit Automaten. PhD thesis, University of Bonn (1962)

  54. Petriu, D.B., Woodside, C.M.: An intermediate metamodel with scenarios and resources for generating performance models from UML designs. Softw. Syst. Model. 6(2), 163–184 (2007)

    Article  Google Scholar 

  55. Popic, P., Desovski, D., Abdelmoez, W., Cukic, B.: Error propagation in the reliability analysis of component based systems. In: Proceedings of the 16th IEEE International Symposiym on Software Reliability Engineering (ISSRE’05), pp. 53–62. IEEE Computer Society, USA (2005)

  56. Q-ImPrESS Consortium: The Q-ImPrESS project. http://www.q-impress.eu (2010)

  57. Randazzo, E.: A Model-Based Approach to Performance and Reliability Prediction. PhD thesis, Universitá degli Studi di Roma, Tor Vergata (2010)

  58. Rausch, A., Reussner, R., Mirandola, R., Plasil, F. (eds.): The Common Component Modeling Example: Comparing Software Component Models [result from the Dagstuhl research seminar for CoCoME, 1–3 August 2007]. LNCS, vol.5153. Springer, Berlin (2008)

    Google Scholar 

  59. Rodrigues, G.N., Rosenblum, D.S., Uchitel, S.: Using scenarios to predict the reliability of concurrent component-based software systems. In: FASE. LNCS, vol. 3442, pp. 111–126. Springer, Berlin (2005)

  60. Rodrigues, G.N., Rosenblum, D.S., Wolf, J.: Reliability analysis of concurrent systems using LTSA. In: ICSE, pp. 63–64. IEEE Computer Society, USA (2007)

  61. Sato, N., Trivedi, K.S.: Accurate and efficient stochastic reliability analysis of composite services using their compact markov reward model representations. In: Proceedings of the IEEE International Conference on Services Computing (SCC’07), pp. 114–121. IEEE Computer Society, New York (2007)

  62. Saxena, T., Karsai, G.: Mde-based approach for generalizing design space exploration. In: MoDELS. Springer, Berlin (2010)

  63. Sharma, V.S., Trivedi, K.S.: Quantifying software performance, reliability and security: an architecture-based approach. J. Syst. Softw. 80, 493–509 (2007)

    Article  Google Scholar 

  64. Smith, C.U., Williams, L.G.: Performance and Scalability of Distributed Software Architectures: an SPE Approach. Addison Wesley, Reading (2002)

    Google Scholar 

  65. Szyperski, C.: Component Software: Beyond Object-Oriented Programming. Addison-Wesley, Reading (2002)

    Google Scholar 

  66. The Eclipse Foundation: Eclipse. http://www.eclipse.org (2010)

  67. The openArchitectureware Consortium: openArchitectureware. http://www.openarchitectureware.org/

  68. Wang, W.-L., Pan, D., Chen, M.-H.: Architecture-based software reliability modeling. J. Syst. Softw. 79(1), 132–146 (2006)

    Article  Google Scholar 

  69. Woodside, M., Petriu, D.C., Petriu, D.B., Shen, H., Israr, T., Merseguer, J.: Performance by unified model analysis (PUMA). In: WOSP, pp. 1–12. ACM Press, New york (2005)

  70. WOSP: Proceedings of the International Workshop on Software and Performance. ACM Press, New York (1998–2010)

  71. Wu, X., Woodside, M.: Performance modeling from software components. In: WOSP, pp. 290–301. ACM Press, New York (2004)

  72. Xu, J.: Rule-based automatic software performance diagnosis and improvement. In: WOSP. ACM, New York (2008)

  73. Yacoub, S.M., Cukic, B., Ammar, H.H.: A scenario-based reliability analysis approach for component-based software. IEEE Trans. Reliab. 53(4), 465–480 (2004)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Politecnico di Milano, Milan, Italy

    Andrea Ciancone, Mauro Luigi Drago, Antonio Filieri & Raffaela Mirandola

  2. Reliable Software Systems Group, University of Stuttgart, Stuttgart, Germany

    Antonio Filieri

  3. Universita’ di Roma “Tor Vergata”, Roma, Italy

    Vincenzo Grassi

  4. Industrial Software Systems, ABB Corporate Research, Ladenburg, Germany

    Heiko Koziolek

Authors
  1. Andrea Ciancone
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mauro Luigi Drago
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Antonio Filieri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vincenzo Grassi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Heiko Koziolek
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Raffaela Mirandola
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Antonio Filieri.

Additional information

Communicated by Prof. Dr. Dorina Petriu and Dr. Jens Happe.

Appendix A: The KLAPER transformations

Appendix A: The KLAPER transformations

This appendix describes all the automatic model transformations defined in KlaperSuite to generate a reliability analysis model starting from a KLAPER model. First, the model transformations are introduced, explaining their contexts and relations, then each transformation is detailed in a separate section.

As we pointed out in Sect. 4, KlaperSuite supports two back-ends to carry out reliability analyses: one relies on stochastic model checking and PRISM, the other is based on the RMC methodology. Each analysis back-end has its own reliability model, but their generation has in common a first model transformation that maps an input KLAPER model to an output Markov model (MM). KlaperSuite then provides two model transformations from the intermediate MM to the back-end specific model that will be used to perform the analysis. This two-stages transformation approach is illustrated in Fig. 11.

Fig. 11
figure 11

The KlaperSuite transformations

Full size image

When PRISM is used to perform the analysis, a model-to-text transformation takes care of generating a textual representation of the Markov model compatible with the PRISM model checker input format; in case of RMC, starting from the Markov model, a system of equations—whose solution provides the reliability predictions for the system—is extrapolated.

Figure 12 outlines the structure of the meta-model which we use to represent intermediate Markov models during the whole transformation process. This meta-model contains the concepts that may be found into DTMCs, with some tweaks to take advantage of some PRISM features such as Modules. In practice, we represent the different behaviors of a system via Modules; each Module is then internally described by means of Nodes and Transitions.

A Node has several attributes defining characteristics such as its type (basic, start, end, and failure). Start nodes represent the initial state of a Module, end nodes and failure nodes represent instead standard stop and failure stop states for a Module, respectively. Basic nodes are used for all the other nodes in Markov models. Each kind of Node must satisfy a well-defined set of validity constraints. Basic nodes must have at least one inbound transition and one outbound transition. Start nodes must have an outbound transition and no inbound transitions. End nodes and failure nodes must have at least one inbound transition without any outbound transition. In practice, a Module is a directed graph with exactly one start node and one end node. This can be granted by checking that, for every Module and for every Node, except for failure nodes, a path exists between the start node and the considered node and between the considered node and the end node.

Fig. 12
figure 12

The Markov model meta-model

Full size image

Finally, we distinguish among two kinds of transitions: Standard transitions and Call transitions. In both cases, a constraint specifying that the connected Nodes belong to the same module must be satisfied. Call transitions must in addition specify the module that will be called when the transition fires.

In the next sections, we detail the model transformations used by KlaperSuite. Section A.1 describes the transformation from KLAPER to MM, while Sects. A.2 and A.3 present the MM to PRISM and the MM to RMC transformations, respectively.

1.1 A.1 From KLAPER to Markov models

The model-to-model transformation from KLAPER to Markov models is implemented in QVT-Operational, the imperative model-to-model transformation language standardized by the OMG [30]. Briefly, a QVT-Operational transformation is composed by a set of functions that define operationally how a set of source elements is mapped to a set of target elements.

In this transformation, we map each KLAPER Service to a MM Module, while each KLAPER Behavior is mapped to a set of MM Nodes and Transitions, representing the Steps and the Transitions contained in the Behavior. KLAPER Workloads are mapped in the same manner, but in this case the Nodes and Transitions correspond to the Workload Behavior.

A mapping function is defined for each type of KLAPER Step. For some Steps (Start, End, Branch, Join, and ServiceControl) a corresponding MM Node exists, they are thus mapped one-to-one and connected according to the Transitions in the KLAPER model. Other Steps such as Activities and Forks require a more articulated mapping, as explained in the following.

A KLAPER Activity step could define a nested behavior—describing its internal behavior—and a repetition attribute—indicating the number of times the activity will be repeated in case of failure. For this reason, in general, this step is mapped to a set of MM Nodes and Transitions. More precisely, the Activity internal behavior is mapped to a set of MM Nodes and Transitions according to its structure, and this mapping is replicated as many times as it is indicated by the value of the Repetition attribute. This leads to a linear increase (proportional to the Repetition value) of the number of MM nodes with respect to corresponding step in the original KLAPER model. In this respect, we also note that, as remarked in Sect. 2.3, besides using the Repetition attribute to model loops, KLAPER also supports the probabilistic modeling of guard-controlled loops, by a suitable use of the Branch step. This kind of modeling naturally matches cyclic structures of MM nodes, and thus leads to no increase in the number of MM nodes with respect to corresponding steps in the original KLAPER model.

Fork is the other kind of step requiring a special handling. A model may include several Fork control steps from which different execution flows are spawned that are then executed in parallel until a Join element is reached. The semantics is similar to the semantics of the corresponding concepts for UML. From the perspective of reliability, the global reliability of a Fork-Join block corresponds to the probability that all the actions performed in the parallel execution flows do not experience any failure. More formally, we may define the global Fork-Join block reliability as \(\prod _{j}r_{j}\), where \(r_{j}\) is the reliability of the \(j\)th spawned flow. As already said in Sect. 4, this formula holds under the assumption of independent failures among spawned flows. This formula can be represented in MMs by serializing the parallel execution flows, i.e., Fork-Join blocks are transformed by mapping each action execution in the spawned execution flows in a sequence of Nodes and Transitions, which are then chained together in a possible sequence.

In general, a KLAPER Transition is mapped to the corresponding MM StandardTransition, except for outbound Transitions from a ServiceControl step. If this is the case, KLAPER Transitions are mapped to CallTransitions linked to the called Module.

1.2 A.2 From Markov models to PRISM files

This transformation is a model-to-text transformation implemented in Xpand2, a template language created by openArchitectureware [67], which is integrated in Eclipse Modeling Project. This transformation generates the textual representation of the PRISM model to be provided as input to the model checker. It produces two files, the PRISM model file and the PRISM properties file. The generation of the PRISM model file is straightforward. It contains the same information of the intermediate model in a textual representation. The PRISM properties file contains instead the definition of the system reliability properties which will be checked by PRISM in the form of the PCTL* expressions, as detailed in Sect. 4.1.

PRISM is based on the Reactive Modules formalism described by Alur et al. in [2]. As a consequence, commands to regulate the state transitions among modules must be defined. In detail, each Module in the MM representation is transformed into the corresponding PRISM concept, and suitable commands to specify how the modules interleave are generated. For example, in the case of CallTransitions, suitable commands are generated to synchronize the interleaving between the caller module and the called module.

1.3 A.3 From Markov models to RMCs

The model-to-text transformation from MMs to RMC is implemented in Java and generates a system of equations to compute the expected reliability. The system reliability can be calculated with arbitrary precision from the generated set of equations, as detailed in Sect. 4.2.

In the transformation, a MM Node is transformed into an equation defining the Node reliability, which in turn depends on the reliability of the connected outTransitions and of the related Nodes. In particular, the reliability of the \(i\)th Node is defined as \(\sum _{j}p_{ij}*r_{j}\), where \(r_{j}\) is the reliability of the \(j\)th Node and \(p_{ij}\) is the outTransition probability of the transition connecting the \(j\)th Node to the \(i\)th Node. The equation of the ending Nodes is fixed to have reliability equal to one, while the equation of failure Nodes is instead fixed to have reliability equal to zero.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Ciancone, A., Drago, M.L., Filieri, A. et al. The KlaperSuite framework for model-driven reliability analysis of component-based systems. Softw Syst Model 13, 1269–1290 (2014). https://doi.org/10.1007/s10270-013-0334-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10270-013-0334-8

Keywords

Search

Navigation