
Challenges and Results in Component Quality Certification
Ralf Reussner
Universität Karlsruhe (TH)
Karlsruhe Institute of Technology (KIT)

Overview
▪ Software Industrialisation & Software Quality Certification
▪ Software Engineering & Software Quality Prediction
▪ How Architectural Quality Models and Prediction Methods can be used for Software Quality Certification
▪ Open Issues
Ralf Reussner, KIT, Keynote SERENE 2008, Newcastle


Industrialisation (1)
1. Epoch in History of Technology
   1. Phase: steam engine as technological driver ca. 1780-1840
   2. Phase: Electricity as driver: ca. 1840-1960
   3. Phase: ICT as driver: since ca. 1990
2. Management-Method
   • Lowering of costs per unit (“Stückkosten”)

Industrialisation (2)
Goal:
▪ Lowering of costs per unit
Through:
▪ Standardisation
▪ Specialisation
▪ Automation
Standardisation eases specialisation and automation
Technologies as drivers:
▪ Steam engine as driver for automation,
▪ Enabled technologies demand standardisation (e.g., railroading)
▪ Which allowed specialisation (e.g., locomotive, wagons, rails, etc.)

Ways of Industrialisation
[Diagram: Standardisation, Specialisation and Automation, each connected to a driver technology by the relations "supports / enables" and "demands"]
adapted from: Buxmann, Diefenbach, Hess: Die Softwareindustrie, Springer, 2008

Development and Production
[Diagram: Requirements to a technical product, Development, Technical Production, Use]
▪ Technical Production: well understood, plannable, repeatable
▪ Problems of Software Engineering are problems in development, not production

Software Industrialisation
▪ What does “lower costs per unit” actually mean for software?
  – In particular, as software is not produced by developers.
▪ What does software production actually mean?
  – Not only distribution!
▪ But also:
  – Adaptation
  – Deployment
  – Configuration

Drivers of Software-Industrialisation
▪ Software Components
▪ Software Architectures / Patterns
▪ Software Product Lines / Frameworks / Reference Architectures
▪ Model-driven Software Development
▪ Well-understood Development Processes / Collaborative Processes
▪ Certified Components and Architectures
▪ Software Services and SOAs
▪ Fixed and reasonable Technical Standards which are not ignored.

Role of Components in an Industrialised Discipline
▪ All industries have components.
▪ Important means for standardisation
▪ Components lower the degrees of freedom during development and, hence, increase the predictability of quality attributes.
▪ The re-use of components blurs the boundaries between development of new software, evolution of software and integration of software (which reflects just the reality).
▪ Re-use of components / composition of systems is isomorphic to re-use / composition of prediction models

What is a component?
▪ “A component is a contractually specified building unit of software which can be readily composed or deployed.”
  – “readily composed or deployed”:
    • without a human having to understand the internals
    • these are the two main things to be done with components
  – not necessarily “black-box”: information on internals can be available to tools.
▪ “Components are for composition, much beyond is unclear…” (Clemens Szyperski)

Different Abstraction of Components
[Diagram: component abstraction levels Type (CT), Implementation (IID, Implementation Instance Description), Deployment (DID, Deployment Instance Description) and Runtime (RID, Runtime Instance Description), linked by «implements» (1 to *) and «deploys» (1 to *); annotations QoS (i, es, up, d) / FP (es), QoS (es, up, d) / FP (es), QoS (up) / FP (); note: "Not considered within the Palladio Component Model"]
Legend: i: implementation, es: external services, up: usage profile, d: deployment

Components and Services
▪ A software component is a contractually specified software building block which can be deployed or composed without understanding its internals.
▪ A service is a deployed component.
▪ New role: service provider, new business model
▪ SOAs are not designed, but are evolving
  – well, nearly
▪ Lightweight service compositions
  – instead of scripting
  – one-use software
▪ SLAs are needed to describe a service, like an interface describes a module.

Quality of Services
▪ Eased modelling & prediction of quantitative properties:
  – Mostly synchronous calls
  – Deployment context and external components fixed

Q-Impress Vision (EU FP7 STREP)
[Diagram: service evolution cycle around a Service Architecture Model; labels: Source Code, Legacy Code, Service architecture extraction, Legacy code wrapping, Service Wrappers, Design Model, UML, Annotations, Changes, Domain knowledge, Usage profile, Resource Model, Prediction Model, Quality impact analysis and simulation, Monitoring / Benchmarking, Method integration, Method validation / Demonstrator]

Certified Components and Architectures and Standards
▪ Needed to ensure trust in unknown foreign components.
▪ Needed to justify costs of architectural modelling.
▪ Certification is usually related to a standard (certification of “standard quality”)
▪ Standards need to be reasonable (more than the expression of the business interests of the members of standardisation bodies)
▪ Standards need to be known and obeyed. Lack of culture in our discipline.

A Simple Test on Software Standards
▪ IEEE 610.12-1990 – SE Terminology
▪ IEEE 730-2002 – Software Quality
▪ IEEE 1471-2000 – Software Architecture

What is Certification
▪ The verifiable demonstration of qualities of an entity according to defined or prescribed standards.
▪ Entities are often technical products (cars, buildings, designs of such products, …)
▪ In the software world most often
  – processes (CMMi, QIP, ...) or
  – education / training courses
  are certified.
▪ If training courses are concerned with specific software products, the certification of such courses is sometimes wrongly called “product-oriented certification”.

Certification of Software Products
▪ In the software world software products are not certified.
▪ Software is different to physical technical products (no wear and tear) but also evolves and designs also need to be certified.
▪ Analogy: type approval of cars.
▪ Different to verification:
  – several quality attributes are of concern
  – entities for certification can be
    • components
    • architectures
    • deployed components (aka services)
    • whole systems
  – verifiably demonstrable
  – according to standards

Why Certification
▪ Software vendor / Software provider:
  – for “marketing” (a means to create trust)
  – because of legal regulations
▪ Software customer:
  – because also software vendor of composed products
  – because of legal regulations (of non-software domains)
[Diagram: Software Developer, Customer]

What Quality to Certify?
▪ Functional properties of components (close to automated verification)
▪ External non-functional properties of components:
▪ Demonstrate, that formal quality model fits to implementation (and vice versa security)

Standard Certification Scenario
[Diagram: Software Developer, Customer and Certification Authority, connected by arrows labelled "Software Offer", "Examination & Certification" and "Trust"]

Autonomic Certification Scenario
[Diagram: Software Developer, Customer and Certification Authority, connected by arrows labelled "Software Offer", "Checks certificate" and "Provides certified tools for certificate checks"]


Elements of an Engineering Discipline [Shaw&Garlan 95]
Craft
• Customer and Developer often the same person
• Talent and Experience instead of Understanding
Manufacturing
• Division of Labour
• Education of Specialists
• Use of third party tools
Engineering
• Goal-driven optimisation of
  • Products
  • Processes
  requires
• Understanding of the effects of design decisions and changes
Theories on products and processes

State of SE?
The same problems since 1968 (first Software Engineering Conference)
▪ “The problem of achieving sufficient reliability in the data systems...”
▪ “The difficulties of meeting schedules and specifications on large software projects”
▪ “The highly controversial question of whether software should be priced separately from hardware”

Where does “Software Engineering” stand as an Engineering Discipline?
▪ Progress: the same problems for decades, but for considerably larger and more complex systems
▪ “Planning crisis” instead of a “Software crisis” [Glass 00]:
  – Budgets and schedules are rarely done by the developer, much more by managers, sales persons and customers
[Figure: Approx. size of what is considered as “large” software systems]

Software Engineering: Manufacturing
▪ Division of labour
  – Roles
  – Use of specialised tools
▪ (Specialised Education)
▪ Design patterns as a vocabulary on proven solutions to recurring problems

Problems
▪ Lack of Understanding and Professionalism
  – “New Motors in three months.”
  – “Skyscrapers in 5 days.”
  – Why do we not find books like:
    • “Heart Transplantations for Dummies”
    • “Nuclear Weapons in 21 days”
    • “Flying the Airbus: Easy Access!”
  – Skyscrapers as large garden houses
▪ Counterproductive avoidance of up-front costs
▪ Real problem of integrating and using legacy systems

Treatment of Quality Properties Today
1. Specification
2. Ignoring
3. Testing
4. Re-Implementing / Re-Designing / Re-Negotiating

Analogy and Role Model
▪ John L. Hennessy, David A. Patterson: “Computer Architecture. A Quantitative Approach”, Morgan Kaufmann, 1992 (1st edition)
“At the core is a quantitative approach to computer design and analysis that uses empirical observation of programs, experimentation, and simulation as its tools.”

Missing Properties of an Engineering Discipline
Systematic Treatment of Quantitative Software Properties
[Diagram: Decomposition of global System-Requirements ("reaction time below 2 ms" broken down into "?" for the parts) and Prediction of global System Properties]

Why do we want to predict quantitative Properties?
[Diagram: design alternatives built from View, Model and Controller, compared with one another ("vs.")]
▪ Evaluation of Design Alternatives
  – the quantifiable best of a list of many trade-off decisions
    – cost vs. benefits
    – QA a vs. QA b
▪ Dimensioning of Resources (“Sizing”)
▪ Changes of usage profile
  – Scalability

Model-based Prediction of Quantitative Properties
[Diagram, automated by tools: Software Design Model (UML, ADL, …); Estimation / Measurement; Annotated Software Design Model (UML Performance Profile, QML, …); Transformation (MDD); Analysis Model (Queuing models, Stochastic Petri-Nets, Stochastic Process Algebra, …); Analysis / Simulation; Analysis Results (Response time, Throughput, Utilisation, …); Transformation (MDD) to Executable]

Scientific Approach to Create Quantitative Models
[Diagram: Model of Software (with annotations), Prediction, Predicted Quality; Software, Measurement, Measured Quality; Abstraction; Comparison; Interpretation; Acceptance / rejection of abstract model; Improvement / Extension]

Validation of Quantitative Models
▪ Type 1: Validation of Prediction Model
▪ Type 2: Validation of Applicability
  – Case Studies and Controlled Experiments with Students
▪ Type 3: Validation of Benefits
  – in comparison to different methods
  – Limitations of the Approach
  – Required prerequisites
  – FZI
  – Industrial Partners

[Diagram: roles Component Developers, Software Architect, System Deployer, Domain Expert]

[Diagram: the roles Soft. Arch., Comp. Dev., Dom. Exp. and Sys. Depl. each provide a DSL instance that is part of the Palladio Component Model; transformations lead from the model to Stochastic Regular Expr., SPA with Scheduling, Queueing Network, Performance Prototype and Java Code Skeletons; activities shown: Analysis, Analysis + Simulation, Simulation, Execution + Measurement, Completion + Compilation]

PCM Bench Screenshot

Tool Support


Factors on Quantitative Component Properties

Certification Problem
▪ Demonstrating that the relation between quality model and implementation satisfies prescribed properties.

Execution Time of a()?
[Diagram: a(list, count): ? ms, with the timings 2 ms, 3 ms and 5 ms shown; Service Effect Specification (SEFF)]

Service Effect Specification (1)

Service Effect Specification (2)
[Diagram labels: Ecore, Component Developers]

MediaStore - Architecture


Results
[Plot: Probability over Response Time (Seconds)]

Results
[Plot: Cumulative Probability (0.0 to 1.0) over Response Time (Seconds, 0 to 13)]



Specific Challenges of Component Certification
▪ Component developer has to provide a checkable certificate for the component,
  – but does not want to expose specific know-how of the component implementation
▪ In the standard certification scenario this is not a problem,
  – as the certification authority can see all internals of the components, but its certification need not contain component-specific information (except the component ID and a hash value)
▪ Different for the autonomic scenario.
▪ Certification can just mean failed falsification.
[Diagram labels: Software Developer, Certification Authority]

Research Questions
▪ How to demonstrate that a quality model (e.g. performance or reliability) fits to an implementation?
▪ Right level of abstraction? Model vs. code, model vs. code abstraction?
▪ How to automatically gain code abstractions?
▪ Right mix of testing, automated code-analysis and verification (in particular model-checking)

Certification levels
▪ depend on architectural analysis to be performed
▪ An example hierarchy:
  1. components as black boxes (no model on component behaviour)
     architectural dependency analysis for components. (If component fails, which other components are affected)
  2. components with a model on dependency between provided and required services
     architectural dependency analysis for components on service granularity. (If component service fails, which other services are affected)
  3. components with protocol information
     (if required protocol changes, what is the new provides protocol)
  4. components with QoS model
     analysis of system-wide QoS properties
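Levels 1 and 2 of this hierarchy, as an added example that is not part of the original slides: the same failure analysed at component granularity and at service granularity. The architecture and all component and service names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed level-2 model (hypothetical names): each provided service,
# identified as (component, service), lists the required services it calls.
SERVICE_DEPS = {
    ("WebUI", "download"): [("Store", "fetch")],
    ("WebUI", "upload"): [("Store", "put")],
    ("Store", "fetch"): [("Database", "query"), ("Watermark", "embed")],
    ("Store", "put"): [("Database", "insert")],
    ("Watermark", "embed"): [],
    ("Database", "query"): [],
    ("Database", "insert"): [],
}


def component_deps(service_deps):
    """Level-1 view: collapse the service model to component -> required components."""
    deps = defaultdict(set)
    for (comp, _service), required in service_deps.items():
        deps[comp].update(c for c, _ in required if c != comp)
    return dict(deps)


def affected_by(failed, deps):
    """All nodes that transitively depend on `failed` (reverse reachability)."""
    dependants = defaultdict(set)
    for node, required in deps.items():
        for r in required:
            dependants[r].add(node)
    seen, queue = set(), deque([failed])
    while queue:
        for d in dependants[queue.popleft()]:
            if d != failed and d not in seen:  # tolerate cyclic dependencies
                seen.add(d)
                queue.append(d)
    return seen


def spared_services(failed_service, service_deps):
    """Services a level-1 analysis flags although level 2 shows them unaffected."""
    flagged_components = affected_by(failed_service[0], component_deps(service_deps))
    flagged = {s for s in service_deps if s[0] in flagged_components}
    return flagged - affected_by(failed_service, service_deps)


if __name__ == "__main__":
    failed = ("Watermark", "embed")
    print("level 1:", sorted(affected_by(failed[0], component_deps(SERVICE_DEPS))))
    print("level 2:", sorted(affected_by(failed, SERVICE_DEPS)))
    print("spared :", sorted(spared_services(failed, SERVICE_DEPS)))
```

With only the black-box model, a failure of Watermark marks all of Store and WebUI as affected; the service-level model shows that the upload path still works.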

Process for dynamic reconstruction
[Diagram: Provided Component (binary); Control flow abstraction; Reconstructed Model (InternalCalculation, ExternalCall); Provided Quality Model (InternalCalculation, ExternalCall)]
Check conformance:
• bisimulation
• testing
• simulation

Machine Learning
▪ Not limited to one approach
  – Genetic Algorithms (GA)
  – Support Vector Machines (SVM)
  – Hill-Climbing / simulated annealing
  – Regression (Splines / linear)
  – Stochastic approximation
  – Greedy optimization
  – …

What is to be learned?
[Diagram labels: long myService (int a, int b); float requiredService (double x, double y)]
▪ Loops
  – Break conditions
  – Loop number (depending on input parameters, (a, b))
▪ Branches
  – Branching conditions / probabilities
▪ Call of component-external services
  – Frequency / probability
  – Conditions
  – Call parameters (x, y) as a function of input parameters (a, b)
▪ Return value of provided service (long)
Based on (input dimensions)
▪ Service input parameters (of described service) (a, b)
▪ Return parameters (of component-external calls) (float)
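Conformance checking by testing, as an added example that is not part of the original slides: a customer-side check tries to falsify a provided quality model for one of the properties listed above, the frequency of component-external calls as a function of the input parameters (a, b). The component body, both quality models and the input ranges are constructed assumptions; the signatures follow the myService / requiredService labels on the slide.

```python
import random


def my_service(a, b, required_service):
    """Constructed component implementation; the checker treats it as opaque."""
    total = 0
    for i in range(a):                # loop number depends on input a
        if i % 2 == 0 or b > 10:      # branch that decides on the external call
            total += int(required_service(float(i), float(b)))
    return total


# Two constructed quality models: claimed number of external calls for (a, b).
def claimed_calls_exact(a, b):
    return a if b > 10 else (a + 1) // 2


def claimed_calls_optimistic(a, b):
    return (a + 1) // 2               # ignores the b > 10 branch


def try_to_falsify(component, claimed_calls, trials=200, seed=1):
    """Run the component on sampled inputs with an instrumented required service.

    Returns the first counterexample, or None if no trial contradicted the
    model. None means "failed falsification", not a proof of conformance.
    """
    rng = random.Random(seed)
    for _ in range(trials):
        a, b = rng.randint(0, 20), rng.randint(0, 20)
        observed = []

        def counting_stub(x, y):
            observed.append((x, y))   # record call parameters for later analysis
            return 0.0

        component(a, b, counting_stub)
        claimed = claimed_calls(a, b)
        if len(observed) != claimed:
            return {"input": (a, b), "claimed": claimed, "observed": len(observed)}
    return None


if __name__ == "__main__":
    print("exact model     :", try_to_falsify(my_service, claimed_calls_exact))
    print("optimistic model:", try_to_falsify(my_service, claimed_calls_optimistic))
```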

Conclusions
▪ Prediction and Understanding of the Consequences of Design Decisions is THE central characteristic of an engineering discipline.
▪ Components and MDD lower the degrees of freedom in implementation
▪ Creativity is on design-model level
▪ Quality-driven design requires prediction models
  – Automatically generated from design models
▪ Certification as a means to provide standardised components with standardised quality
▪ Certification approaches can make use of verification and prediction techniques, etc., but answer a different question.

Missing: Franz Brosch, Dr. Jan Kofron, Christof Momm, Dr. Pierre Parrend, Dr. Barbora Zimmerova
