Sara Tucci Piergiovanni - Academia.edu (original) (raw)
Papers by Sara Tucci Piergiovanni
Proceedings of the 24th Symposium on Principles and Practice of Parallel Programming
The presented work continues the line of recent distributed computing community efforts dedicated... more The presented work continues the line of recent distributed computing community efforts dedicated to the theoretical aspects of blockchains. This paper is the first to specify blockchains as a composition of abstract data types all together with a hierarchy of consistency criteria that formally characterizes the histories admissible for distributed programs that use them. Our work is based on an original oracle-based construction that, along with new consistency definitions, captures the eventual convergence process in blockchain systems. The paper presents as well some results on implementability of the presented abstractions and a mapping of representative existing blockchains from both academia and industry in our framework.
Automated Software Engineering
2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, 2015
In this paper we define a simulation-driven process to improve the design of real-time control sy... more In this paper we define a simulation-driven process to improve the design of real-time control systems. The process aims at exploring the interplay betwen control performance and real-time behavior of control tasks. The traditional design flows based on the definition of implicit tasks deadlines on control functions are extended to include the exploration of relaxed deadlines and order of execution constraints. Relaxed deadlines, coupled with an optimization approach to find feasible task sets, allow the exploration and evaluation of different task implementations. The definition of relaxed deadlines and the evaluation of task implementations is performed using the T-Res (Time and Resource) scheduling simulation framework [21] under Simulink. The problem is defined as a quadratic optimization problem using a tight upper bound formulation of the task response times. The application of the method to a quadcopter case study shows how the consideration of the control performance in the definition of the timing parameters of interest can lead to an improved design.
In the context of asynchronous distributed systems with infinitely many processes, this paper stu... more In the context of asynchronous distributed systems with infinitely many processes, this paper studies the problem of maintaining connectivity among a set of processes forming a group in a dynamic context where (i) processes can arrive to and depart from the group and (ii) processes have a partial knowledge of other processes belonging to the group. In this setting we give the specification of a new problem, namely the Dynamic Group Connectivity (DGC), we provide a few impossibility results and give a deterministic protocol solving the problem. We give, in such a dynamic context, (i) the specification of a service of reliable broadcast showing that it is equivalent to DGC and (ii) the specification of a service of atomic broadcast and a solution based on the protocol presented to solve DGC.
This paper studies the problem of maintaining eventual consistent group membership without any sy... more This paper studies the problem of maintaining eventual consistent group membership without any synchrony assumption inside an unbounded group G of processes that varies over the time (processes may join and leave the group). Eventual consistency means that if at any time all group membership changes cease, processes will converge in a finite time to a single consistent view. Due to the lack of any synchrony assumption, this specification is well suited to large scale peer to peer environments. The paper also presents two impossibility results and two eventual group membership implementations. Last but not least, pointing out a circularity problem, the paper also shows the impossibility of implementing eventual group membership without the existence of a special peer inside the group.
The synchronization among thin, independent and concurrent processes in an open distributed syste... more The synchronization among thin, independent and concurrent processes in an open distributed system is a fundamental issue in current architectures (e.g. middlewares, three-tier architectures etc.). "Independent process" means no message has to be exchanged among the processes to synchronize themselves and "open" means that the number of processes that require to synchronize changes along the time. In this paper we present the specification of a sequencer service that allows independent processes to get a sequence number that can be used to label successive operations (e.g. to allow a set of independent and concurrent processes to get a total order on these labelled operations). Moreover, we propose an implementation of the sequencer service in the timed asynchronous model along with its correctness proof.
Causal consistency has been introduced to increase wait-free concurrent accesses to a shared memo... more Causal consistency has been introduced to increase wait-free concurrent accesses to a shared memory. Contrarily to sequential consistency, causal consistency allows independent write operations, with respect to the causality relation, to be executed in different orders at each distinct process. This paper introduces a protocol for fully replicated settings which exploits the writing semantic and piggybacks on each update message related to a write operation an amount of control information which is O(n) where n is the number of processes. The protocol tracks causality relation by taking transitive dependencies on write operations into account.
I would like to thank Roberto Baldoni, my supervisor, for his precious guidance and constant supp... more I would like to thank Roberto Baldoni, my supervisor, for his precious guidance and constant support during this research. I am also thankful to Jean-Michel Hélary for his many suggestions and support through the early times of chaos and confusion and to Lorenzo Alvisi for his sharp reality checks. I'd also like to thank my committee members, Rachid Guerraoui, Michel Raynal, Marco Cadoli, Bruno Ciciani. Of course, I am grateful to Angelo for his love, and to my parents for their patience. Without them this work would never have come into existence (literally). I would also like thank my little kid Mattia for his smiles during all bad days for research. Finally, I wish to thank the following: Massimiliano (my wonderful bros); Federico,
This document describes a software architecture that can be deployed over a cooperative informati... more This document describes a software architecture that can be deployed over a cooperative information system in order to diffuse and improve the overall quality of data in the whole environment. The architecture is made up of a set of functional components that implement different improvement functions. The overall design of all the components is presented here, together with a detailed description of the various interaction modes among them.
This paper studies the problem of maintaining eventual consistent group membership without any sy... more This paper studies the problem of maintaining eventual consistent group membership without any synchrony assumption inside an unbounded group G of processes that varies over the time (processes may join and leave the group). Eventual consistency means that if at any time all group membership changes cease, processes will converge in a flnite time to a single consistent view. Due
ICPS '05. Proceedings. International Conference on Pervasive Services, 2005., 2005
In the context of mobile ad-hoc networks, this paper studies the problem of reliable communicatio... more In the context of mobile ad-hoc networks, this paper studies the problem of reliable communication among a set of processes forming a group in a dynamic system with an unbounded number of processes. A communication is reliable if any message sent by a member of the group that never leaves or leaves the group in an intentional way is eventually delivered to every member that doesn't leave the group. The problem is studied in a setting where communication links model a temporary disconnection among group members. The paper shows that additional assumptions on the system model are necessary to assure reliable communication. Then it presents a protocol, based on these assumptions, solving the problem in a meeting/conference room application scenario.
Proceedings of the 29th ACM/IEEE international conference on Automated software engineering - ASE '14, 2014
The adoption of AUTOSAR and Model Driven Engineering (MDE) for the design of automotive software ... more The adoption of AUTOSAR and Model Driven Engineering (MDE) for the design of automotive software architectures allows an early analysis of system properties and the automatic synthesis of architecture and software implementation. To select and configure the architecture with respect to timing constraints, knowledge about the worst case execution times (WCET) of functions is required. An accurate evaluation of the WCET is only possible when reusing legacy functionality or very late in the development and procurement process. To drive the integration of SW components belonging to systems with timing constraints, automotive methodologies propose to assign WCET budgets to functions. This paper presents two solutions to assign budgets, while considering at the same time the problem of SW/HW synthesis. The first solution is a one-step algorithm. The second is an iterative improvement procedure with a staged approach that scales better to very large size systems. Both methods are evaluated on industrial systems to study their effectiveness and scalability.
This deliverable presents the general infrastructure for communication among peers belonging to s... more This deliverable presents the general infrastructure for communication among peers belonging to semantic communities. The main feature of the proposed architecture is its scalability and decentralization. Peers are able to self-arrange in semantic overlay networks by matching at run time their interests (represented by an ontology) with other peers of the system. Semantic overlays can then appear and disappear by following the emergent behaviour of peers inside the system.
This document describes a software architecture that can be deployed over a cooperative informati... more This document describes a software architecture that can be deployed over a cooperative information system in order to diuse and improve the overall quality of data in the whole environment. The architecture is made up of a set of functional components that implement dieren t improvement functions. The overall design of all the components is presented here,
2002 Pacific Rim International Symposium on Dependable Computing, 2002. Proceedings., 2002
The deployment of server replicas of a given service across an asynchronous distributed system (e... more The deployment of server replicas of a given service across an asynchronous distributed system (e.g. Internet) is a real practical challenge. This target cannot be indeed achieved by classical software replication techniques (e.g. passive and active replication) as these techniques usually rely on group communication toolkits that require server replicas to run over a partially synchronous distributed system. This paper proposes a threetier architecture for software replication that encapsulates the need of partial synchrony in a specific software component of a mid-tier to free replicas (end-tier) and clients (client-tier) from the need of underlying partial synchrony assumptions. Then we propose how to specialize the mid-tier in order to manage active replication of server replicas.
10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC'07), 2007
Nowadays, there are many protocols able to cope with process crashes, but, unfortunately, a proce... more Nowadays, there are many protocols able to cope with process crashes, but, unfortunately, a process crash represents only a particular faulty behavior. Handling tougher failures (e.g. sending omission failures, receive omission failures, arbitrary failures) is a real practical challenge due to malicious attacks or unexpected software errors. This paper proposes a component-based methodology allowing to take a protocol A resilient to crash failures and to add software components in order to adapt the protocol A to be resilient to more general failures than crash, without changing the code of A. On this basis, it introduces the notions of liveness failure detector and safety failure detector, two independent software components to be used by a protocol to increases its resilience respectively to liveness and safety failures of processes running the protocol. Then, the feasibility of this approach is shown, by providing an implementation of liveness failure detectors and of safety failure detectors for a protocol solving the problem of global data computation.
2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06), 2006
In the context of clients accessing a read/write shared object, persistency of a written value is... more In the context of clients accessing a read/write shared object, persistency of a written value is a property stating that a value written into the object is always available unless overwritten by a successive write operation. This property can be easily guaranteed in a static distributed system provided that either a subset of processes implementing the object does not crash or processes can crash and then recover being able to retrieve their last state. Unfortunately the enforcing of this property in a potentially large scale and dynamic distributed system (e.g. a P2P system) is far from being trivial when considering the case in which processes implementing the object may fail or leave at any time without notifying any other process (i.e., the last state might not be retrievable). The paper introduces the notion of weak persistency that guarantees persistency of values when a system becomes quiescent (arrivals and departures subside). An implementation of a weakly-persistent object ensuring causal consistency is provided along with its correctness proof. The interest of causal consistency lies in the fact that, contrarily to atomic consistency, it can be maintained even during non-quiescent periods of the distributed system (i.e., when persistency is not guaranteed).
18th International Parallel and Distributed Processing Symposium, 2004. Proceedings., 2004
Distributed shared memory (DSM) is one of the main abstraction to implement data-centric informat... more Distributed shared memory (DSM) is one of the main abstraction to implement data-centric information exchanges among a set of processes. Ensuring causal consistency means all operations executed at each process will be compliant to a cause effect relation. This paper first provides an optimality criterion for a protocol P that enforces causal consistency on a DSM. This criterion addresses the number of write operations delayed by P (write delay optimality). Then we present a protocol which is optimal with respect to write delay optimality and we show how previous protocols presented in the literature are not optimal with respect to such a criterion. * This work is partially supported by the european project EU-Publi.com funded by the European Community and by the italian projects MAIS and IS-MANET funded by the Italian Ministry of Research. 1 This comes from the well-known inability of the "happened-before" relation to model true cause-effect relations among events of a distributed computation. These cause-effect relations belong indeed to the semantics sphere of the underlying application (DSM in this paper) rather than the message pattern generated by the distributed computation. 2 The causal message ordering abstraction states each process has to deliver messages according to the relation → of their sendings [3].
Proceedings of the 24th Symposium on Principles and Practice of Parallel Programming
The presented work continues the line of recent distributed computing community efforts dedicated... more The presented work continues the line of recent distributed computing community efforts dedicated to the theoretical aspects of blockchains. This paper is the first to specify blockchains as a composition of abstract data types all together with a hierarchy of consistency criteria that formally characterizes the histories admissible for distributed programs that use them. Our work is based on an original oracle-based construction that, along with new consistency definitions, captures the eventual convergence process in blockchain systems. The paper presents as well some results on implementability of the presented abstractions and a mapping of representative existing blockchains from both academia and industry in our framework.
Automated Software Engineering
2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, 2015
In this paper we define a simulation-driven process to improve the design of real-time control sy... more In this paper we define a simulation-driven process to improve the design of real-time control systems. The process aims at exploring the interplay betwen control performance and real-time behavior of control tasks. The traditional design flows based on the definition of implicit tasks deadlines on control functions are extended to include the exploration of relaxed deadlines and order of execution constraints. Relaxed deadlines, coupled with an optimization approach to find feasible task sets, allow the exploration and evaluation of different task implementations. The definition of relaxed deadlines and the evaluation of task implementations is performed using the T-Res (Time and Resource) scheduling simulation framework [21] under Simulink. The problem is defined as a quadratic optimization problem using a tight upper bound formulation of the task response times. The application of the method to a quadcopter case study shows how the consideration of the control performance in the definition of the timing parameters of interest can lead to an improved design.
In the context of asynchronous distributed systems with infinitely many processes, this paper stu... more In the context of asynchronous distributed systems with infinitely many processes, this paper studies the problem of maintaining connectivity among a set of processes forming a group in a dynamic context where (i) processes can arrive to and depart from the group and (ii) processes have a partial knowledge of other processes belonging to the group. In this setting we give the specification of a new problem, namely the Dynamic Group Connectivity (DGC), we provide a few impossibility results and give a deterministic protocol solving the problem. We give, in such a dynamic context, (i) the specification of a service of reliable broadcast showing that it is equivalent to DGC and (ii) the specification of a service of atomic broadcast and a solution based on the protocol presented to solve DGC.
This paper studies the problem of maintaining eventual consistent group membership without any sy... more This paper studies the problem of maintaining eventual consistent group membership without any synchrony assumption inside an unbounded group G of processes that varies over the time (processes may join and leave the group). Eventual consistency means that if at any time all group membership changes cease, processes will converge in a finite time to a single consistent view. Due to the lack of any synchrony assumption, this specification is well suited to large scale peer to peer environments. The paper also presents two impossibility results and two eventual group membership implementations. Last but not least, pointing out a circularity problem, the paper also shows the impossibility of implementing eventual group membership without the existence of a special peer inside the group.
The synchronization among thin, independent and concurrent processes in an open distributed syste... more The synchronization among thin, independent and concurrent processes in an open distributed system is a fundamental issue in current architectures (e.g. middlewares, three-tier architectures etc.). "Independent process" means no message has to be exchanged among the processes to synchronize themselves and "open" means that the number of processes that require to synchronize changes along the time. In this paper we present the specification of a sequencer service that allows independent processes to get a sequence number that can be used to label successive operations (e.g. to allow a set of independent and concurrent processes to get a total order on these labelled operations). Moreover, we propose an implementation of the sequencer service in the timed asynchronous model along with its correctness proof.
Causal consistency has been introduced to increase wait-free concurrent accesses to a shared memo... more Causal consistency has been introduced to increase wait-free concurrent accesses to a shared memory. Contrarily to sequential consistency, causal consistency allows independent write operations, with respect to the causality relation, to be executed in different orders at each distinct process. This paper introduces a protocol for fully replicated settings which exploits the writing semantic and piggybacks on each update message related to a write operation an amount of control information which is O(n) where n is the number of processes. The protocol tracks causality relation by taking transitive dependencies on write operations into account.
I would like to thank Roberto Baldoni, my supervisor, for his precious guidance and constant supp... more I would like to thank Roberto Baldoni, my supervisor, for his precious guidance and constant support during this research. I am also thankful to Jean-Michel Hélary for his many suggestions and support through the early times of chaos and confusion and to Lorenzo Alvisi for his sharp reality checks. I'd also like to thank my committee members, Rachid Guerraoui, Michel Raynal, Marco Cadoli, Bruno Ciciani. Of course, I am grateful to Angelo for his love, and to my parents for their patience. Without them this work would never have come into existence (literally). I would also like thank my little kid Mattia for his smiles during all bad days for research. Finally, I wish to thank the following: Massimiliano (my wonderful bros); Federico,
This document describes a software architecture that can be deployed over a cooperative informati... more This document describes a software architecture that can be deployed over a cooperative information system in order to diffuse and improve the overall quality of data in the whole environment. The architecture is made up of a set of functional components that implement different improvement functions. The overall design of all the components is presented here, together with a detailed description of the various interaction modes among them.
This paper studies the problem of maintaining eventual consistent group membership without any sy... more This paper studies the problem of maintaining eventual consistent group membership without any synchrony assumption inside an unbounded group G of processes that varies over the time (processes may join and leave the group). Eventual consistency means that if at any time all group membership changes cease, processes will converge in a flnite time to a single consistent view. Due
ICPS '05. Proceedings. International Conference on Pervasive Services, 2005., 2005
In the context of mobile ad-hoc networks, this paper studies the problem of reliable communicatio... more In the context of mobile ad-hoc networks, this paper studies the problem of reliable communication among a set of processes forming a group in a dynamic system with an unbounded number of processes. A communication is reliable if any message sent by a member of the group that never leaves or leaves the group in an intentional way is eventually delivered to every member that doesn't leave the group. The problem is studied in a setting where communication links model a temporary disconnection among group members. The paper shows that additional assumptions on the system model are necessary to assure reliable communication. Then it presents a protocol, based on these assumptions, solving the problem in a meeting/conference room application scenario.
Proceedings of the 29th ACM/IEEE international conference on Automated software engineering - ASE '14, 2014
The adoption of AUTOSAR and Model Driven Engineering (MDE) for the design of automotive software ... more The adoption of AUTOSAR and Model Driven Engineering (MDE) for the design of automotive software architectures allows an early analysis of system properties and the automatic synthesis of architecture and software implementation. To select and configure the architecture with respect to timing constraints, knowledge about the worst case execution times (WCET) of functions is required. An accurate evaluation of the WCET is only possible when reusing legacy functionality or very late in the development and procurement process. To drive the integration of SW components belonging to systems with timing constraints, automotive methodologies propose to assign WCET budgets to functions. This paper presents two solutions to assign budgets, while considering at the same time the problem of SW/HW synthesis. The first solution is a one-step algorithm. The second is an iterative improvement procedure with a staged approach that scales better to very large size systems. Both methods are evaluated on industrial systems to study their effectiveness and scalability.
This deliverable presents the general infrastructure for communication among peers belonging to s... more This deliverable presents the general infrastructure for communication among peers belonging to semantic communities. The main feature of the proposed architecture is its scalability and decentralization. Peers are able to self-arrange in semantic overlay networks by matching at run time their interests (represented by an ontology) with other peers of the system. Semantic overlays can then appear and disappear by following the emergent behaviour of peers inside the system.
This document describes a software architecture that can be deployed over a cooperative informati... more This document describes a software architecture that can be deployed over a cooperative information system in order to diuse and improve the overall quality of data in the whole environment. The architecture is made up of a set of functional components that implement dieren t improvement functions. The overall design of all the components is presented here,
2002 Pacific Rim International Symposium on Dependable Computing, 2002. Proceedings., 2002
The deployment of server replicas of a given service across an asynchronous distributed system (e... more The deployment of server replicas of a given service across an asynchronous distributed system (e.g. Internet) is a real practical challenge. This target cannot be indeed achieved by classical software replication techniques (e.g. passive and active replication) as these techniques usually rely on group communication toolkits that require server replicas to run over a partially synchronous distributed system. This paper proposes a threetier architecture for software replication that encapsulates the need of partial synchrony in a specific software component of a mid-tier to free replicas (end-tier) and clients (client-tier) from the need of underlying partial synchrony assumptions. Then we propose how to specialize the mid-tier in order to manage active replication of server replicas.
10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC'07), 2007
Nowadays, there are many protocols able to cope with process crashes, but, unfortunately, a proce... more Nowadays, there are many protocols able to cope with process crashes, but, unfortunately, a process crash represents only a particular faulty behavior. Handling tougher failures (e.g. sending omission failures, receive omission failures, arbitrary failures) is a real practical challenge due to malicious attacks or unexpected software errors. This paper proposes a component-based methodology allowing to take a protocol A resilient to crash failures and to add software components in order to adapt the protocol A to be resilient to more general failures than crash, without changing the code of A. On this basis, it introduces the notions of liveness failure detector and safety failure detector, two independent software components to be used by a protocol to increases its resilience respectively to liveness and safety failures of processes running the protocol. Then, the feasibility of this approach is shown, by providing an implementation of liveness failure detectors and of safety failure detectors for a protocol solving the problem of global data computation.
2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06), 2006
In the context of clients accessing a read/write shared object, persistency of a written value is... more In the context of clients accessing a read/write shared object, persistency of a written value is a property stating that a value written into the object is always available unless overwritten by a successive write operation. This property can be easily guaranteed in a static distributed system provided that either a subset of processes implementing the object does not crash or processes can crash and then recover being able to retrieve their last state. Unfortunately the enforcing of this property in a potentially large scale and dynamic distributed system (e.g. a P2P system) is far from being trivial when considering the case in which processes implementing the object may fail or leave at any time without notifying any other process (i.e., the last state might not be retrievable). The paper introduces the notion of weak persistency that guarantees persistency of values when a system becomes quiescent (arrivals and departures subside). An implementation of a weakly-persistent object ensuring causal consistency is provided along with its correctness proof. The interest of causal consistency lies in the fact that, contrarily to atomic consistency, it can be maintained even during non-quiescent periods of the distributed system (i.e., when persistency is not guaranteed).
18th International Parallel and Distributed Processing Symposium, 2004. Proceedings., 2004
Distributed shared memory (DSM) is one of the main abstraction to implement data-centric informat... more Distributed shared memory (DSM) is one of the main abstraction to implement data-centric information exchanges among a set of processes. Ensuring causal consistency means all operations executed at each process will be compliant to a cause effect relation. This paper first provides an optimality criterion for a protocol P that enforces causal consistency on a DSM. This criterion addresses the number of write operations delayed by P (write delay optimality). Then we present a protocol which is optimal with respect to write delay optimality and we show how previous protocols presented in the literature are not optimal with respect to such a criterion. * This work is partially supported by the european project EU-Publi.com funded by the European Community and by the italian projects MAIS and IS-MANET funded by the Italian Ministry of Research. 1 This comes from the well-known inability of the "happened-before" relation to model true cause-effect relations among events of a distributed computation. These cause-effect relations belong indeed to the semantics sphere of the underlying application (DSM in this paper) rather than the message pattern generated by the distributed computation. 2 The causal message ordering abstraction states each process has to deliver messages according to the relation → of their sendings [3].