1. Optimally Modifying Software for Safety and Functionality Sampath Kannan U.Penn (with Arvind Easwaran & Insup Lee)

2. Introduction User requirements on software systems –Desired functionality –Safety properties Verification/validation used to locate safety violations What about static correction of errors by system redesign?

3. Desirable Features of Model System redesign must preserve functionality: reward functionality, penalize violations System model must be stochastic because of interaction with unpredictable environment Each redesign/system control incurs a control cost.

4. System Model Software system represented by a finite state machine (FSM) Probability on transitions abstracts stochasticity Cost of control associated with blocking transitions Uncontrollable transitions explicitly labeled Numeric rewards and penalties at the states

5. System Model – cont’d q0 q1 q3 q2 20 100 -200.5.3.2 a b c 10 25 30 Goal: Control transitions to maximize difference between expected reward and control cost. Only consider the static version of the problem here.

6. DBMS Concurrency Controller Concurrency controller controls execution of transactions Transaction i can read/write data items Commit c i indicates i is complete Serializable schedule – schedule equivalent to sequential execution of transactions

7. DBMS Controller as FSM States = set of active transactions with state for each Transitions = read/write/commit Stochasticity = which transaction chosen Control cost = increased latency Reward = completed transaction Violation = non-serializability

8. Wireless Network Routing Message routing in wireless ad-hoc networks Each wireless node capable of communicating with a fixed set of nodes called its neighbors Nodes communicate by broadcasting messages Depending on the operating environment, only some of the neighbors would be able to receive the broadcast At each stage, routing algorithm chooses a node for transmission

9. Network Routing (2) State: Set of wireless nodes with the message Transition: Transmission by a particular node and reception by some of its neighbors Control action: Preventing the router from selecting some nodes Stochasticity: Uncertainty in reception of message transmitted by a neighbor Penalty: Cost of transmission Rewards: Reward for reception of message by a destination node

10. Mathematical Notation A: Control policy specifying blocked trans’ns. p(u,v) : Probability of transition (u,v) c A (u,v): Cost of controlling (u,v) under A. r(i): Reward/penalty at state i

11. Goal Want to pick control strategy A (i.e. which transitions to suppress) to minimize expected cost. Challenge: Transition probabilities are dynamic... suppressing one transition increases probabilities of others

12. Solution Technique - DAGs If FSM is directed acyclic graph (DAG) Dynamic programming algorithm computes optimal strategy efficiently –Starting from the sink nodes k, compute E k up the DAG. –When computing E i if suppressing some transition (i,j) improves E i do it.

13. Arbitrary Graphs Unique solution might not exist – switch to discounted rewards to ensure it does. Write constraints for each possible subset of transitions controlled – exponential number of constraints! Use implicit Linear Programming Solver such as Ellipsoid Algorithm to find optimum in polynomial time.

14. Conclusion Abstracted software systems as a stochastic FSM with cost of control, rewards and penalties Developed polynomial time DP algorithm for directed acyclic graphs Formulated optimization problem for strongly connected components as a LPP Described polynomial time separation oracle thereby generating polynomial time ellipsoid algorithm