Component-Oriented Behavior Extraction for Autonomic System Design

Rich and multifaceted domain specific specification languages like the Autonomic System Specification Language (ASSL) help to design reliable systems with self-healing capabilities. The GEAR game-based Model Checker has been used successfully to investigate properties of the ESA ExoMars Rover in depth. We show here how to enable GEAR’s game-based verification techniques for ASSL via systematic model extraction from a behavioral subset of the language, and illustrate it on a description of the Voyager II space mission. The SHADOWS project (Self-healing Approach to Designing Complex Software Systems) [4, 5] aims at developing technologies that augment large software systems with a sort of immune response against various issues and contingencies that can occur at design-time or runtime. Focusing on functional healing at design time, we developed a number of enabling techniques for functional self-healing. In particular, we introduced game based model checking of behavioral models in the GEAR tool [1, 2] as a deep diagnosis tool for early realignment between behavioral models and requirements expressed as temporal properties that we applied to the analysis of the recovery behavior of the ESA ExoMars Rover. We show 1) how we are able to link the behavioral modelling style of our techniques with ASSL [6], a rich domain-specific language for the specification of autonomous systems, equipped with a formal semantics, and 2) how we can easily and systematically translate (parts of) the specification of the Voyager’s behavior into Service Logic Graphs (SLGs), thus enabling the application of the SHADOWS technologies to the large class of autonomous systems describable in ASSL. The advantage of SLGs over other models is that they are closer to the field engineer’s understanding, thus making advanced game-based diagnosis features accessible to non-experts in formal methods and models. We show how to translate parts of an ASSL specification for autonomic systems into a behavioral model. This task implies mapping the ASSL specific self-management policy, action, and event parts that made up the system to corresponding counterparts in a behavioral system model that is based on a Service Logic Graph. We applied this translation step to the Voyager II mission case study, opening up several options for verifying issues related to e.g. recovery issues. Having detected the absence of a recovery mechanism upon transmission error within the system specification, we may leverage GEAR to fix this problem. A game-based exploration of the problem space as already suggested a tool supported enhancement of the model-driven verification process [1] can help in identifying those parts of the model that need adaptation to overcome this specific problem. However, we did not elaborate on this exploration here since the translation of the specification is still incomplete. We have previous experience of automatic generation of control flow graphs from a language’s Structured Operational Semantics(SOS). In [3] we showed how to do it for a process algebra, later extended for object oriented languages. Accordingly, we plan to examine the available SOS for ASSL and possibly take it as a starting point for an SOS-driven generation of the SLGs. This way, the palette of model ∗This work has been partially supported by the European Union Specific Targeted Research Project SHADOWS (IST-200635157), exploring a Self-Healing Approach to Designing cOmplex softWare Systems. The project’s web page is at https: //sysrun.haifa.ibm.com/shadows.