Model-Based Autonomic Performance Management of Distributed Enterprise Systems and Applications

Mehrotra, Rajat

14 December 2013

Distributed computing systems (DCS) host a wide variety of enterprise applications in dynamic and uncertain operating environments. These applications require stringent reliability, availability, and quality of service (QoS) guarantee to maintain their service level agreements (SLAs). Due to the growing size and complexity of DCS, an autonomic performance management system is required to maintain SLAs of these applications. A model-based autonomic performance management structure is developed in this dissertation for applications hosted in DCS. A systematic application performance modeling approach is introduced in this dissertation to define the dependency relationships among the system parameters, which impact the application performance. The developed application performance model is used by a model-based predictive controller for managing multi-dimensional QoS objectives of the application. A distributed control structure is also developed to provide scalability for performance management and to eliminate the requirement of approximate behavior modeling in the hierarchical arrangement of DCS. A distributed monitoring system is also introduced in this dissertation to keep track of computational resources utilization, application performance statistics, and scientific application execution in a DCS, with minimum latency and controllable resource overhead. The developed monitoring system is self-configuring, self-aware, and fault-tolerant. It can also be deployed for monitoring of DCS with heterogeneous computing systems. A configurable autonomic performance management system is developed using modelintegrated computing methodologies, which allow administrators to define the initial settings of the application, QoS objectives, system components’ placement, and interaction among these components in a graphical domain specific modeling environment. This configurable performance management system facilitates reusability of the same components, algorithms, and application performance models in different deployment settings.

Component Based Approach.

Model Integrated Computing

Distributed Control Structure

Distributed Monitoring

Performance Management

Parallelism and modular proof in differential dynamic logic / Parallélisme et preuve modulaire en logique dynamique différentielle

Lunel, Simon

28 January 2019

Les systèmes cyber-physiques mélangent des comportements physiques continus, tel la vitesse d'un véhicule, et des comportement discrets, tel que le régulateur de vitesse d'un véhicule. Ils sont désormais omniprésents dans notre société. Un grand nombre de ces systèmes sont dits critiques, i.e. une mauvaise conception entraînant un comportement non prévu, un bug, peut mettre en danger des êtres humains. Il est nécessaire de développer des méthodes pour garantir le bon fonctionnement de tels systèmes. Les méthodes formelles regroupent des procédés mathématiques pour garantir qu'un système se comporte comme attendu, par exemple que le régulateur de vitesse n'autorise pas de dépasser la vitesse maximale autorisée. De récents travaux ont permis des progrès significatifs dans ce domaine, mais l'approche adoptée est encore monolithique, i.e. que le système est modélisé d'un seul tenant et est ensuite soumis à la preuve. Notre problématique est comment modéliser efficacement des systèmes cyber-physiques dont la complexité réside dans une répétition de morceaux élémentaires. Et une fois que l'on a obtenu une modélisation, comment garantir le bon fonctionnement de tels systèmes. Notre approche consiste à modéliser le système de manière compositionnelle. Plutôt que de vouloir le modéliser d'un seul tenant, il faut le faire morceaux par morceaux, appelés composants. Chaque composant correspond à un sous-système du système final qu'il est simple de modéliser. On obtient le système complet en assemblant les composants ensembles. Ainsi une usine de traitement des eaux est obtenue en assemblant différentes cuves. L'intérêt de cette méthode est qu'elle correspond à l'approche des ingénieurs dans l'industrie : considérer des éléments séparés que l'on compose ensuite. Mais cette approche seule ne résout pas le problème de la preuve de bon fonctionnement du système. Il faut aussi rendre la preuve compositionnelle. Pour cela, on associe à chaque composant des propriétés sur ses entrées et sortie, et on prouve qu'elles sont respectées. Cette preuve peut être effectué par un expert, mais aussi par un ordinateur si les composants sont de tailles raisonnables. Il faut ensuite nous assurer que lors de l'assemblage des composants, les propriétés continuent à être respectées. Ainsi, la charge de la preuve est reportée sur les composants élémentaires, l'assurance du respect des propriétés désirées est conservée lors des étapes de composition. On peut alors obtenir une preuve du bon fonctionnement de systèmes industriels avec un coût de preuve réduit. Notre contribution majeure est de proposer une telle approche compositionnelle à la fois pour modéliser des systèmes cyber-physiques, mais aussi pour prouver qu'ils respectent les propriétés voulues. Ainsi, à chaque étape de la conception, on s'assure que les propriétés sont conservées, si possible à l'aide d'un ordinateur. Le système résultant est correct par construction. De ce résultat, nous avons proposé plusieurs outils pour aider à la conception de systèmes cyber-physiques de manière modulaire. On peut raisonner sur les propriétés temporelles de tels systèmes, par exemple est-ce que le temps de réaction d'un contrôleur est suffisamment court pour garantir le bon fonctionnement. On peut aussi raisonner sur des systèmes où un mode nominal cohabite avec un mode d'urgence. / Cyber-physical systems mix continuous physical behaviors, e.g. the velocity of a vehicle, and discrete behaviors, e.g. the cruise-controller of the vehicle. They are pervasive in our society. Numerous of such systems are safety-critical, i.e. a design error which leads to an unexpected behavior can harm humans. It is mandatory to develop methods to ensure the correct functioning of such systems. Formal methods is a set of mathematical methods that are used to guarantee that a system behaves as expected, e.g. that the cruise-controller does not allow the vehicle to exceed the speed limit. Recent works have allowed significant progress in the domain of the verification of cyber-physical systems, but the approach is still monolithic. The system under consideration is modeled in one block. Our problematic is how to efficiently model cyber-physical systems where the complexity lies in a repetition of elementary blocks. And once this modeling done, how guaranteeing the correct functioning of such systems. Our approach is to model the system in a compositional manner. Rather than modeling it in one block, we model it pieces by pieces, called components. Each component correspond to a subsystem of the final system and are easier to model due to their reasonable size. We obtain the complete system by assembling the different components. A water-plant will thus be obtained by the composition of several water-tanks. The main advantage of this method is that it corresponds to the work-flow in the industry : consider each elements separately and compose them later. But this approach does not solve the problem of the proof of correct functioning of the system. We have to make the proof compositional too. To achieve it, we associate to each component properties on its inputs and outputs, then prove that they are satisfied. This step can be done by a domain expert, but also by a computer program if the component is of a reasonable size. We have then to ensure that the properties are preserved through the composition. Thus, the proof effort is reported to elementary components. It is possible to obtain a proof of the correct functioning of industrial systems with a reduced proof effort. Our main contribution is the development of such approach in Differential Dynamic Logic. We are able to modularly model cyber-physical systems, but also prove their correct functioning. Then, at each stage of the design, we can verify that the desired properties are still guaranteed. The resulting system is correct-by-construction. From this result, we have developed several tools to help for the modular reasoning on cyber-physical systems. We have proposed a methodology to reason on temporal properties, e.g. if the execution period of a controller is small enough to effectively regulate the continuous behavior. We have also showed how we can reason on functioning modes in our framework.

Systèmes cyber-Physiques

Logique dynamique différentielle

Approche par composants

Contrats

Parallélisme

Correct par construction

Cyber-Physical systems

Differential Dynamic Logic

Component-Based approach

Contracts

Parallelism

Correct-By-Construction

Service-Oriented Integration of Component and Organizational MultiAgent Models / Intégration orientée services des approches composants logiciels et systèmes MultiAgents Organisationnelles

Aboud, Nour

04 December 2012

Les travaux présentés dans cette thèse concernent des problématiques d'architecture logicielle multi-domaines pour le développement d’applications distribuées. Ces applications sont caractérisées aujourd’hui comme des systèmes ouverts, complexes, hétérogènes et à large échelle. Les approches traditionnelles, telles que l’approche orienté objet, n’offrent plus un paradigme de conception suffisant pour appréhender la complexité de tels systèmes. Ces nouvelles tendances ont conduit à l’émergence d’approches de plus haut niveau telles que les approches orientées services, composants ou agents. Chacune de ces approches offrent des intérêts et des caractéristiques propres dans le développement d’applications distribuées. Les services offrent une abstraction et une interopérabilité à large échelle. Abstraction dans le sens où un service permet de spécifier un élément fonctionnel sans préciser comment cet élément est implémenté. Les composants sont une approche robuste basée sur la composition et la réutilisation d’éléments clairement définis par leurs interfaces. Les agents sont eux des éléments présentant un comportement dynamique dirigé par un but et des interactions de haut niveau avec les autres agents formant l’application, vue comme une organisation de services collaboratifs. D’un point de vue conceptuel, le service peut donc être perçu comme le modèle « métier » de l’application, alors que les composants et les agents constituent un modèle d’implémentation. L’étude de ces différents domaines et des modèles associés, a montré que les approches composants et agents sont complémentaires, les points forts d’une approche représentant les faiblesses de l’autre. Face à ce constat, il nous est paru intéressant d’intégrer ces deux approches, au sein d’une même démarche de conception. Cela permet, d’une part, qu’une approche puisse bénéficier des intérêts de l’autre et d’autre part, d’utiliser conjointement des agents et des composants dans la conception d'une même application. La démarche que nous avons adoptée consiste à considérer les services comme pivot d’interaction afin de rendre possible l’interopérabilité des agents et des composants. Pour supporter cette démarche, nous avons défini un processus de conception basé sur l’Ingénierie Des Modèles qui contient quatre modèles conceptuels (Domain Specific language) dont l’intérêt est de mettre l’accent sur les concepts de services et d’interaction. Nous avons ainsi défini un modèle de services, un modèle de composants et un modèle d’agents. Enfin, un modèle mixte appelé CASOM, Component Agent Service Oriented Model, permet de spécifier une application via une combinaison des trois domaines précédents. Ensuite, des règles de correspondances ont été définies entre les quatre modèles pour pouvoir par exemple transformer une spécification agents en une spécification composants ou mixte. L'implémentation de ces transformations a été réalisée en langage ATL (ATLAS Transformation Language). / The presented work considers problems related to multi-domain software architecture for the development of distributed applications. These applications are large-scaled, heterogeneous, open and complex software systems. Traditional approaches such as object-oriented are no longer sufficient to represent such complex systems. These trends lead to the emergence of higher-level approaches such as service-oriented, components or agents. Each one of these approaches offers interests and characteristics in the development of distributed applications. Services provide an abstraction and interoperability in a large scale. Abstraction is in the sense that a service can specify a functional element without specifying how this element is implemented. The components are a robust approach based on composition and reusability through their clearly defined interfaces. Agents are elements which are characterized by dynamic goal directed behaviours and high-level interactions with other agents forming the application, seen as an organization for collaborative services. From a conceptual point of view, the service can be seen as the “business” model of an application, while components and agents are the implementation models. The study of these different domains, with their related models, showed that the components and agents approaches are complementary; the strengths of one approach overcome the weaknesses of the other. Therefore, we are interested in the integration of these two approaches in a single design approach. This allows an approach to benefit from the interests of the other, on one hand and the use of agents and components jointly in the design of an application on the other hand. To reach our objective, we consider services as pivot of interaction between agents and components. The result of our analysis leads us to develop a design process based on Model-Driven Engineering which contains four conceptual models (Domain Specific Languages) with the main interest of focusing on the concepts of services and interaction. We then defined a service, component and agent models. Finally, a hybrid model called CASOM, Component Agent Service Oriented Model, was proposed that allows application specification via a combination of the three domains. Then, mapping rules have been defined between the four models in order to transform agents specification into components specification or mixed. The implementation of these transformations was done in ATL language (ATLAS Transformation Language).

Architecture logicielle multi-domaines

Approche a base de composants

Systèmes multiagents organisationnels

Architecture Orientée Service

Multi-domain software architecture

Component-based approach

Organizational MultiAgent systems

Service Oriented Architecture

HUMAN AND ANIMAL HEALTH RISK ASSESSMENT OF MYCOTOXIN MIXTURES IN MAIZE: FROM FUNGAL PRODUCTION AND OCCURRENCE TO HARMONISED RISK CHARACTERISATION

PALUMBO, ROBERTA

03 April 2020

Maize is the principal staple food/feed crop exposed to mycotoxins, and the co-occurrence of multiple mycotoxins and their metabolites has been well documented. Dietary (co)-exposure to mycotoxins is associated with human and animal health concerns as well as economic losses. The present thesis aims to apply a holistic approach for the risk assessment of mycotoxin mixtures in food and feed, i.e. from fungal production and occurrence to harmonised risk characterisation. This was done in three folds. Firstly, available environmental, ecological, and agronomic factors that may affect the relative abundance of co-occurring mycotoxins in the contaminated crops were collected from peer-reviewed literature, with focus on maize (Chapter I). Secondly, (co-)occurrence data on mycotoxins in core cereals was extracted from available articles in the scientific literature and analysed to estimate potential pattern of co-exposure in humans and animals (Chapter II). Finally, Chapter III investigates the applicability of the EFSA guidance to multiple mycotoxins through a scenario of possible co-exposure in humans and animals, using maize as a case study. In particular, a human and animal risk assessment to mycotoxin mixture in maize was conducted using a modelled component-based approach for selected mixture of mycotoxins, that, according to our data, co-occur in maize based feed and food products. / Maize is the principal staple food/feed crop exposed to mycotoxins, and the co-occurrence of multiple mycotoxins and their metabolites has been well documented. Dietary (co)-exposure to mycotoxins is associated with human and animal health concerns as well as economic losses. The present thesis aims to apply a holistic approach for the risk assessment of mycotoxin mixtures in food and feed, i.e. from fungal production and occurrence to harmonised risk characterisation. This was done in three folds. Firstly, available environmental, ecological, and agronomic factors that may affect the relative abundance of co-occurring mycotoxins in the contaminated crops were collected from peer-reviewed literature, with focus on maize (Chapter I). Secondly, (co-)occurrence data on mycotoxins in core cereals was extracted from available articles in the scientific literature and analysed to estimate potential pattern of co-exposure in humans and animals (Chapter II). Finally, Chapter III investigates the applicability of the EFSA guidance to multiple mycotoxins through a scenario of possible co-exposure in humans and animals, using maize as a case study. In particular, a human and animal risk assessment to mycotoxin mixture in maize was conducted using a modelled component-based approach for selected mixture of mycotoxins, that, according to our data, co-occur in maize based feed and food products.

AGR/12: PATOLOGIA VEGETALE