
Research on a Goal-Based Development Method for High-Dependability Self-Adaptive Fault-Tolerant Software

【Author】 唐姗

【Advisor】 赵文耘

【Author information】 复旦大学 (Fudan University), Computer Software and Theory, 2011, Doctoral dissertation

【Abstract (Chinese)】 As information systems centred on Internet software have spread, Internet-based distributed computer systems and open network environments have increased the complexity, failure rate and insecurity of systems, making software systems ever larger and harder to control; defects and vulnerabilities are hard to avoid, and various faults and failures occur frequently. All of these factors pose new problems and challenges to software dependability. Software fault-tolerance technology is one of the main methods for ensuring software dependability. However, traditional fault-tolerance techniques have many shortcomings: implementation cost is high, often requiring multiple redundant implementation versions; modularity is poor, making clear modeling and predictive analysis difficult; and flexibility is limited, making it hard to cope with complex and changing runtime failures. In recent years, research on high-dependability software systems has increasingly been linked with self-adaptive software systems. Compared with traditional fault-tolerance methods based on redundancy and diversity, a self-adaptive software system can dynamically adjust its own behavior and structure to accommodate its own defects and changes in its environment, improving dependability from the perspective of runtime control, and thus offers a more flexible and effective route to software fault tolerance. Building on an analysis of current work in the field of self-adaptive software, and addressing the many problems that high-dependability self-adaptive software systems face in practical development, this dissertation discusses the theories and techniques involved across the whole life cycle of dependable software system development, which has practical significance for guiding the development of high-dependability self-adaptive fault-tolerant software. It unifies the theories and techniques of the individual stages of dependable software research, which were previously independent and scattered, into a more systematic, effective and practical self-adaptive fault-tolerance solution: from dependability requirements modeling, through self-adaptive architecture design, to system implementation and runtime monitoring and diagnosis, the design of the artifacts needed at each stage of dependable software development is tightly linked to form a comprehensive and unified technical system. To remedy the shortcomings of existing goal-oriented requirements modeling methods when applied to self-adaptive software systems, and to support runtime monitoring, diagnosis and fault-tolerance decision making, this dissertation first extends the description framework, goal types and goal relations of the KAOS requirements modeling method. On this basis it proposes a goal-oriented dependability requirements modeling and analysis method for self-adaptive software systems; compared with existing requirements modeling methods for self-adaptive software, this method refines several aspects of the requirements modeling process and adds support for modeling the self-adaptive infrastructure and self-adaptive scenarios. To address the difficulty of transforming requirements models into architecture designs, caused by the conceptual gap between requirements specifications and software architecture models and their relatively independent evolution, the dissertation proposes a systematic method for deriving a self-adaptive architecture from the dependability goal model. For the two architectural design views, the structural model and the behavioral model, it discusses how the architecture model is derived from the goal model under each of the "goal refinement patterns". It then proposes a traceability meta-model between the goal model and the architecture model to guarantee the traceability and consistency of the whole derivation process. Building on existing self-adaptive fault-tolerance implementation techniques, the dissertation proposes a broader notion of fault tolerance: 1) regarding the objects of fault tolerance, in addition to defects in the design and implementation of the software itself, changes and failures of the runtime environment and conflicts among the system's multiple non-functional goals are also brought into scope; 2) regarding the goal of fault tolerance, survivability is emphasized rather than absolute reliability, with safeguarding the system's critical services as the basic objective, on top of which various fault-tolerance measures are used to optimize the operation of the system as a whole. Particular attention is given to how the self-adaptive activities of monitoring, analysis, planning and execution on the running system can be organized around the software architecture. To address the difficulties of runtime monitoring currently faced by self-adaptive software systems, the dissertation proposes a goal-model-based runtime monitoring and diagnostic analysis method that integrates requirements reasoning, runtime monitoring and the system's self-adaptive adjustment behavior, so that when an anomaly is detected, the detection result is handled promptly by self-adaptive fault tolerance. From the definition of monitoring events, through the generation and weaving of monitoring code, to the diagnosis of and response to monitoring results, it gives a complete runtime monitoring scheme for dependability requirements. Finally, the dissertation designs a corresponding support platform and implements a prototype of it.

【Abstract】 As information systems centred on Internet software have deeply affected most aspects of social and economic life, Internet-based distributed computer systems and open network environments have also increased the complexity, error-proneness and instability of systems, making them huge and hard to manage. Since defects and safety hazards are hard to avoid, systems are becoming more vulnerable and sometimes do not work as expected. All of these factors have brought new problems and challenges to the dependability of software systems. Software fault-tolerance technology is an important method for guaranteeing the dependability of systems, but traditional software fault-tolerance methods have several disadvantages: costs are high, since multiple redundant implementation versions are needed; low modularization makes modeling and predictive analysis hard; and they are unable to adapt to various and complex run-time failures. In recent years, researchers in the field of dependable software have tended to associate their work with self-adaptive software systems. Compared to traditional redundancy- and diversity-based fault-tolerance methods, self-adaptive systems can dynamically adjust their behaviors and structures and thus improve reliability at run time. This leads to a more flexible and effective way towards software dependability. Based on a comprehensive study of this area, this dissertation presents theories and technologies that cover the whole life cycle of development of dependable software systems and provides practical guidance.

This dissertation proposes a more systematic, effective and practical self-adaptive fault-tolerance solution that combines theories and technologies scattered across reliable-software research: from modeling of reliability requirements, to design of self-adaptive fault-tolerant software architecture, to system implementation and run-time monitoring and diagnosis, we tie together the design of the products of each software development stage and form an integral theoretical system. To fix the disadvantages of current goal-oriented requirements modeling methods for self-adaptive software systems, and to support the requirements of runtime monitoring, diagnostics and fault tolerance in software systems, this dissertation first extends the description framework, goal types and goal relations of the KAOS requirements modeling methodology. Based on this, it proposes a systematic reliability requirements modeling method for goal-oriented self-adaptive software systems. Compared to current similar work, our method refines many aspects of the requirements modeling process and adds support for modeling the self-adaptive infrastructure and self-adaptive scenarios. Because of the conceptual differences between requirements models and software architecture models and their relatively independent evolution, translating requirements models into software architecture models is very difficult. To solve this problem, this thesis proposes a systematic derivation method for self-adaptive software architecture models based on the reliability goal models. From two architectural design views, we respectively discuss how to derive the software architecture model from the goal model according to different kinds of goal refinement patterns.

We then propose a traceability meta-model from the goal model to the software architecture model that guarantees traceability and consistency throughout the derivation process. Based on current implementations of self-adaptive fault-tolerance techniques, this thesis raises a broader fault-tolerance concept: 1) for fault-tolerance objects, besides defects in the design and implementation of the software itself, we also take changes and failures of the runtime environment, and non-functional conflicts in the system, into consideration; 2) for fault-tolerance targets, we do not emphasize absolute reliability but survivability, with guaranteeing the key services as our main goal. Based on this, we use various fault-tolerance methods to optimize the execution of the whole system. This dissertation mainly discusses how to carry out runtime self-adaptive activities such as monitoring, analysis, planning and execution, centred on the software architecture. To relieve the difficulty of runtime monitoring in self-adaptive systems, this thesis proposes a runtime monitoring and diagnosis approach based on the goal model. By integrating requirements reasoning, runtime monitoring and self-reconfiguration, it can perform fault-tolerant behavior based on the detection of system errors and the diagnostic results. From the definition of monitoring events, to generating and weaving the monitoring code, to diagnosing and responding to the monitoring results, this thesis provides a complete solution for runtime monitoring of reliability requirements. Finally, we also design the corresponding support platform and implement a prototype system.

  • 【Online publication submitter】 复旦大学 (Fudan University)
  • 【Online publication year and issue】 2011, Issue 12