Lecture Notes in Computer Science 4322 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen UniversityofDortmund,Germany MadhuSudan MassachusettsInstituteofTechnology,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA MosheY.Vardi RiceUniversity,Houston,TX,USA GerhardWeikum Max-PlanckInstituteofComputerScience,Saarbruecken,Germany Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Fabrice Kordon Janos Sztipanovits (Eds.) Reliable Systems on Unreliable Networked Platforms 12th Monterey Workshop 2005 LagunaBeach,CA,USA,September22-24,2005 Revised Selected Papers 1 3 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. VolumeEditors FabriceKordon UniversitéPierreetMarieCurie Laboratoired’InformatiquedeParis6 104AvenueduPrésidentKennedy,75016Paris,France E-mail:[email protected] JanosSztipanovits VanderbiltUniversity SchoolofEngineering Nashville,TN37235-6306,USA E-mail:[email protected] LibraryofCongressControlNumber:2007921535 CRSubjectClassification(1998):D.1.3,D.2-3,D.4.5,F.3,C.2.1,C.2-4 LNCSSublibrary:SL2–ProgrammingandSoftwareEngineering ISSN 0302-9743 ISBN-10 3-540-71155-4SpringerBerlinHeidelbergNewYork ISBN-13 978-3-540-71155-1SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. SpringerisapartofSpringerScience+BusinessMedia springer.com ©Springer-VerlagBerlinHeidelberg2007 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SPIN:12026487 06/3142 543210 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Preface Networked Systems: Realizationof Reliable Systems on Unreliable Networked Platforms TheMontereyWorkshopsserieswasinitiatedin1993byDavidHislopwiththepurpose ofexploringthecriticalproblemsassociatedwith cost-effectivedevelopmentofhigh- quality software systems. During its 12-year history, the Monterey Workshops have broughttogether scientists that share a common interest in software developmentre- searchservingpracticaladvancesinnext-generationsoftware-intensivesystems.Each year is dedicated to a given topic such as "Software Engineering Tools: Compatibil- ityandIntegration"(Viennain2004),"EngineeringforEmbeddedSystems:FromRe- quirements to Implementation" (Chicago in 2003), "Radical Innovations of Software and Systems Engineering in the Future" (Venice in 2002), "Engineering Automation forSoftwareIntensiveSystemIntegration"(Montereyin2001),etc. This 12th Monterey Workshop was held in Laguna Beach, CA during September 22–24,2005. Contextofthe 12th Workshop Networkedcomputingisincreasinglybecomingtheuniversalintegratorforlarge-scale systems.Inaddition,newgenerationsofwirelessnetworkedembeddedsystemsrapidly createnewtechnologicalenvironmentsthatimplycomplexinterdependenciesamongst all layersof societal-scale critical infrastructure,such as transportation,energydistri- bution and telecommunication. This trend makes reliability and safety of networked computingacrucialissueandatechnicalpreconditionforbuildingsoftware-intensive systemsthatarerobust,faulttolerant,andhighlyavailable. The12thMontereyWorkshopon"NetworkedSystems:RealizationofReliableSys- tems on Unreliable Networked Platforms" focused on new, promising directions in achievinghighsoftwareandsystemreliabilityinnetworkedsystems. AllpresentationsattheworkshopwerebyinvitationupontheadviceoftheProgram Committee. InvitedSpeakers MylaArcher NavalResearchLab,USA BarrettBryant UniversityofAlabama,Birmingham,USA DavidCorman Boeing,StLouis,USA NickDutt UCI,USA HolgerGiese UniversityofPaderborn,Germany ChrisGill WashingtonUniversityatStLouis,USA HelenGill NSF,USA KlausHavelund NASA,USA Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. VI Preface DavidHislop ArmyResearchOffice,USA LiviuIftode Rutgers,USA VanaKalogeraki UCRiverside,USA GaborKarsai VanderbiltUniversity,USA KaneKim UniversityofCaliforniaatIrvine,USA Moon-HaeKim KonkukUniversity,Korea RaymondKlefstad UCI,USA HermannKopetz ViennaUniversityofTechnology,Austria FabriceKordon UniversityofPierre&MarieCurie,Paris,France IngolfKrueger UCSD,USA AkosLedeczi VanderbiltUniversity,USA EdwardLee UCBerkeley(KeynotePresentation),USA ChenyangLu WashingtonUniversity,USA Luqi NavalPostgraduateSchool,USA ZoharManna StanfordUniversity,USA OliverMarin UniversityofPierre&MarieCurie,Paris,France NenadMedvidovic USC,USA LaurentPautet TélécomParis,France RajRajkumar CarnegieMellonUniversity,USA MartinRinard, MIT,USA Man-takShing NavalPostgraduateSchool,USA JanosSztipanovits VanderbiltUniversity,USA Wei-TekTsai ArizonaStateUniversity,USA AndreVanderHoek UCI,USA NaliniVenkatasubramanian UCI,USA BenWatson LockheedMartin,USA AlbertWavering NIST,USA VictorWinter UniversityofNebraskaatOmaha,USA FengZhao MicrosoftResearch(KeynotePresentation),USA Papersincludedinthisvolumewereselectedamongthesubmissionsfromthework- shop’sdiscussions. WorkshopTopics Softwareisthenewinfrastructureoftheinformationage.Itisfundamentaltoeconomic success, scientific and technical research and national security. Our current ability to constructthe large and complex software systems demanded for continued economic progressisinadequate. The workshop discussed a range of challenges in networked systems that require furthermajoradvancesinsoftwareandsystemstechnology: – System Integration and Dynamic Adaptation. A new challenge in networked systems is that stable application performanceneeds to be maintained in spite of thedynamicallychangingcommunicationandcomputingplatforms.Consequently, therun-timearchitecturemustincludeactivecontrolmechanismsforadaptingthe Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Preface VII system/softwarecomponentstochangingconditions.Globalsystemcharacteristics need to be achieved by increased run-time use of reflection (systems that utilize their own models),advancedinterfacemodeling,self-adaptation,and self- optimization. – Effects of Dynamic Structure. The structure of networked systems is complex andhighlydynamic.Becausesystemsareformedbyadhocnetworksofnodesand connections, they lack fine-grain determinism for end-to-endbehaviors that span subsystemandnetworkboundaries.Inaddition,thereareend-to-endsystemqual- itiessuchastimelinessandsecuritythatcanonlybeevaluatedinthisdynamically integratedcontext. – Effects of Faults. Faults and disruptions in the underlying communication and computinginfrastructurearethenormalevents.Sincewell-understoodtechniques forfault-tolerantcomputing,such asn-modularredundancy,are notapplicablein the dynamicallychangingnetworkedarchitecture,new technologyis requiredfor buildingsafeandreliableapplicationsondynamic,distributedplatforms. – DesignforReliability.Althoughtherearevarietiesofmetricsandestablishedprac- ticesforcharacterizingtheexpectedfailurebehaviorofasystemafteritisfielded and there are established practices for specifying the desired reliability of a sys- tem,theevaluationofsystemorsoftwarereliabilitypriortofieldingisasignificant problem. – System Certification. The process for certifying that a system meets specified reliability goals under the range of conditions expected in actual use currently involves exhaustive analysis of a system, including its development history and extensive testing. Current methods do not give systems engineers the confidence theywouldliketohaveinconcludingthatasystemwillhaveparticularreliability characteristics. – Effectsof Scale. Anotherrisk thatoverlaysall proposedsolutionsis scale. Scale alsoaddressesbothrun-timeanddesign-timeconcerns.Typically,demonstrations are the convincing drivers to technology adoption. Demonstrations of new tech- nologies however are usually small-scale, focused efforts. It is an open problem howto scale upa demonstrationthataddressesthe numberofnodesandconnec- tions,andthenumberofsoftwaredevelopers,analysts, andintegratorstoprovide enoughprooftojustifytechnologytransition. Thesechallengesareexaggeratedinnetworked-embeddedsoftwaresystems,where computationandcommunicationaretightlyintegratedwithphysicalprocess. Approaches There have beenimportantnew developmentsduringthe past five yearsthat improve our chance to meet the new challenges listed above. Contributions at the workshop identifiedanddiscussedresearchapproachesthathavedirectandimmediaterelevance tothenewchallenges.Listedbelowarethemajorthemesthatcameupinmanyforms inthepresentationsandcapturedinthecontributionsoftheseproceedings. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. VIII Preface Model-based software development of network-centric system-of-systems. Model- based design is rapidlybecomingone of the prominentsoftware/system development paradigms. Models with precisely defined syntax and semantics capture system/soft- ware invariants that can be formally analyzed and used for predicting/ verifying systembehaviorandforgeneratingcode.Anewchallengeinnetwork-centricsystem- of-systemsisthatdesigninvariantsneedtobemaintainedactivelyduringrun-timedue tothe dynamicallychangingcommunicationandcomputingplatforms.Consequently, therelationshipbetweendesign-timemodelingandmodelanalysisandrun-timebehav- ior needsto be fundamentallydifferent:emphasisneeds to be shifted toward correct- by-constructionapproachesthat can guarantee selected behavioralproperties without theneedforsystem-levelverification,andtherun-timearchitecturemustincludeactive controlforadaptingthesystem/softwaretochangingconditions.Globalsystemcharac- teristicsneedtobeachievedbyincreasedrun-timeuseofreflection(systemsthatutilize theirownmodels),advancedinterfacemodeling,self-adaptation,andself-optimization. Foundations of future design and programming abstractions. Programming abstrac- tionshaveacrucialroleinthedesignofhighlyconcurrent,dynamic,andtime-critical networkedsystems.Today’sabstractionshavebeendevelopedforprogramswithstatic structure, closed architectures, and stable computing platforms that are not scalable, understandable, and analyzable in complex, networked, real-time systems. We need abstractionsthatgobeyondanarrowviewofprogramminglanguagestointegratemod- eling,design,andanalysis.Theymustsatisfytheneedforblendingsolidformalfounda- tionswithdomain-specificexpressionsandmustyieldbehaviorthatispredictableand understandableto system designers, even in the face of uncertain or dynamic system structure. To accomplish this, they must serve both the modeling role and the design role,leveraginggenerators,visualnotations,formalsemantics,probabilisticmodeling, andyet-to-be-developedtechniquesforgaininganeffectivemultiplicityofviewsintoa design.And theymusteffectivelyexpressconcurrency,quality-of-serviceconstraints, andheterogeneity. Active faultmanagementin network-centricsystems. Itisimportantto recognizethat softwarewillneverbeperfectlarge-scale,networkedsystems-of-systems.Softwareand platformcomponentsmayfailatanytime.Thenotionofactivefaultmanagementac- cepts this as a fact and instead of attempting to mask the faults, it focuses on their containment, mitigation, and management. Active fault management is a novel tech- nique that is gaining acceptance in complex engineering systems (e.g., aerospace ve- hicles)andpromisesreliabilitythroughdetecting,isolatingandrecoveringfromfaults using algorithmic techniquesfor contingencymanagement.The software engineering communitytook notice of these engineeringtechniquesand applies them to software artifacts.Theresultingfaultmanagementarchitecturesarelayered,asdifferentmethods maybeneededondifferentlevelsofabstractionsinsystemsand,preferably,theyhave to be proactive,so that they detect early precursorsto larger problems(e.g., memory leakindynamicallyallocatedmemory,ormemoryfragmentation)suchthatthesystem willhavesufficienttimetotakepreventiveaction. Intelligent,robustmiddleware. Complexityoflarge-scalenetworkedsystemsrequires careful consideration on reusability of code. Middleware technologies offer architec- Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Preface IX turalsolutionsforseparatingapplicationcodefromhighlyreusablecomponentsorlay- ersinsoftwarestacks.Weneedtodevelopandvalidateanewgenerationofintelligent middlewaretechnologiesthatcanadaptdependablyinresponsetodynamicallychang- ingconditionsforthepurposeofalwaysutilizingtheavailablecomputerandnetwork infrastructuretothehighestdegreepossibleinsupportofsystemneeds.Emergingarchi- tectures, suchas service-orientedarchitecture(SOA), providefocusfor thisnew gen- eration of middleware research that will ultimately enable software whose functional andQoS-relatedpropertiescanbemodifiedeitherstatically,(e.g.,to reducefootprint, leveragecapabilitiesthat existin specific platforms,enablefunctionalsubsetting,and minimizehardware/softwareinfrastructuredependencies)or dynamically(e.g., to op- timize system responsesto changingenvironmentsor requirements,such aschanging componentinterconnections,power-levels,CPU/networkbandwidth,latency/jitter,and dependabilityneeds). Model-baseddevelopmentof certifiable systems. Systems that are safety certified are arguablysomeofthemostcostlytodevelop.Asaresult,softwarearchitecturesforsuch systemsaretypicallyverydeterministicinordertoenableprovablemitigationofsafety hazards. The limitations of these approachesare quickly becoming unacceptable due totheadventofad-hocmobilenetworksrequiringamuchmoredynamicstructureand expected unavailability of certain resources for these safety critical systems. Model- based development approaches must be applied to enable the development of these systems within reasonablecost. These approachesshould include the developmentof modelingsyntaxandsemanticstoexpresssafety-criticalaspectsandperhapsconstrain dynamism,theprovisionofdesign-timeandrun-timeanalysisthatleveragesthismodel andaddressestheconcernsofthesafetycommunityinthecontextofanetwork-centric system of systems, the automatic generation of artifacts that are proven by analysis to be safe, and the establishment of trust in such tools and techniques by the safety communityasawhole. Acknowledgement We are gratefulto the Steering Committee, the Local OrganizingCommittee and the invitedspeakersformakingtheworkshopasuccess.Wegratefullyacknowledgespon- sorshipfromtheArmyResearchOffice(DavidHislop)andfromtheNationalScience Foundation(HelenGill). January2007 FabriceKordon JanosSztipanovits Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Organization Executive Committee ConferenceChair: KaneKim(UniversityofCalifornia,Irvine,USA) ProgramChairs: Fabrice Kordon (Université Pierre & Marie Curie, France) JanosSztipanovits(VanderbiltUniversity,USA) Technical Program Committee CarlosDelgadoKloos UniversityCarlosIIIofMadrid,Spain BertilFolliot UniversityofPierre&MarieCurie,Paris,France TomHenzinger Ecole Polytechnique Federale de Lausanne, Switzerland KaneKim UniversityofCaliforniaatIrvine,USA InsupLee UniversityofPennsylvania,USA ChenyangLu WashingtonUniversity,USA TomMaibaum King’sCollege,London,UK UgoMontanari UniversityofPisa,Italy LaurentPautet TélécomParis,France WolfgangPree UniversityofSalzburg,Austria DougSchmidt VanderbiltUniversity-ISIS,USA Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Table of Contents Reinventing Computing for Real Time.............................. 1 Edward A. Lee and Yang Zhao Applying Service-Oriented Development to Complex Systems: BART Case Study...................................................... 26 Ingolf H. Kru¨ger, Michael Meisinger, and Massimiliano Menarini Towards Dynamic Partitioning of Reactive System Behavior: A Train Controller Case Study ............................................ 47 Victor Winter and Deepak Kapur The GridLite DREAM: Bringing the Grid to Your Pocket............. 70 Chris A. Mattmann and Nenad Medvidovic DARX - A Self-healing Framework for Agents ....................... 88 Olivier Marin, Marin Bertier, Pierre Sens, Zahia Guessoum, and Jean-Pierre Briot NauticalPredictiveRouting Protocol(NPRP)for the Dynamic Ad-Hoc Nautical Network (DANN) ........................................ 106 Luqi, Valdis Berzins, and William H. Roof A Factory to Design and Build Tailorable and Verifiable Middleware ... 121 J´eroˆme Hugues, Fabrice Kordon, Laurent Pautet, and Thomas Vergnaud A Concurrency Abstraction for Reliable Sensor Network Applications... 143 J´anos Sallai, Miklo´s Maro´ti, and A´kos L´edeczi Outdoor Distributed Computing with Split Smart Messages ........... 161 Nishkam Ravi and Liviu Iftode Towards a Real-Time Coordination Model for Mobile Computing ...... 184 Gregory Hackmann, Christopher Gill, and Gruia-Catalin Roman Dynamic System Reconfiguration Via Service Composition for Dependable Computing........................................... 203 W.T. Tsai, Weiwei Song, Yinong Chen, and Ray Paul A Component-Based Approach for Constructing High-Confidence Distributed Real-Time and Embedded Systems ...................... 225 Shih-Hsi Liu, Barrett R. Bryant, Mikhail Auguston, Jeff Gray, Rajeev Raje, and Mihran Tuceryan Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.