Functions-as-a-Service (FaaS) is a Serverless Cloud paradigm where a platform manages the scheduling (e.g., resource allocation, run- time environments) of stateless functions. Recent work proposed using domain-specific languages to express per-function policies, e.g., policies that enforce the allocation on nodes that enjoy lower latencies to databases and services used by the function. Here, we focus on affinity-aware scenarios, i.e., where, for performance and functional requirements, the allocation of a function depends on the presence/absence of other functions on nodes. We present aAPP, an extension of a declarative, platform-agnostic language that captures affinity-aware scheduling at the FaaS level. We implement an aAPP-based prototype on Apache OpenWhisk. Besides proving that a FaaS platform can capture affinity awareness using aAPP and improve performance in affinity-aware scenarios, we use our prototype to show that aAPP imposes no noticeable overhead in scenarios without affinity constraints.
@inproceedings{DGMTZ25,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
title = {Affinity-aware Serverless Function Scheduling},
booktitle = {22nd {IEEE} International Conference on Software Architecture, {ICSA} 2025, Odense, Denmark, March 31-April 4, 2025},
publisher = {{IEEE}},
year = {2025}
}
We present a new garbage collection reference counting algorithm capable of collecting reference cycles—overcoming a known limitation of traditional reference counting. The algorithm’s key features include resilience to errors during tracing, support for object finalisation, no need for supplementary heap memory during collection, and a fast breadth-first tracing approach that avoids stack overflows. We implement the algorithm as a Rust library that is idiomatic and highly compatible with the Rust ecosystem and that leverages Rust’s type system and borrow checker to minimise unsafe code and prevent undefined behaviour. We report benchmarks that show that our proposal performs comparably to popular Rust alternatives and outperforms them when dealing with garbage cycles.
@inproceedings{GG25,
author = {Saverio Giallorenzo and
Francesco Goretti},
title = {Breadth-first Cycle Collection Reference Counting: Theory and a Rust Smart Pointer Implementation},
booktitle = {Proceedings of the 40th {ACM/SIGAPP} Symposium on Applied Computing,
{SAC} 2025, Catania, Italy, March 31-April 4, 2025},
publisher = {{ACM}},
year = {2025}
}
In education, the capability of generating human-like text of Large Language Models (LLMs) inspired work on how they can increase the efficiency of learning and teaching. We study the affordability of these models for educators and students by investigating how LLMs answer multiple-choice questions (MCQs) with respect to hardware constraints and refinement techniques. We explore this space by using generic pre-trained LLMs (the 7B, 13B, and 70B variants of LLaMA-2) to answer 162 undergraduate-level MCQs from a course on Programming Languages (PL)—the MCQ dataset is a contribution of this work, which we make publicly available. Specifically, we dissect how different factors, such as using readily-available material—(parts of) the course’s textbook—for fine-tuning and quantisation (to decrease resource usage) can change the accuracy of the responses. The main takeaway is that smaller textbook-based fine-tuned models outperform generic larger ones (whose pre-training requires conspicuous resources), making the usage of LLMs for answering MCQs resource- and material-wise affordable.
@inproceedings{RGG25,
author = {Bianca Raimondi and
Saverio Giallorenzo and
Maurizio Gabbrielli},
title = {Affordably Fine-tuned LLMs Provide Better Answers to Course-specific MCQs},
booktitle = {Proceedings of the 40th {ACM/SIGAPP} Symposium on Applied Computing,
{SAC} 2025, Catania, Italy, March 31-April 4, 2025},
publisher = {{ACM}},
year = {2025}
}
Serverless programming revolutionises the implementation of cloud architectures by allowing developers to deploy stateless functions without managing server infrastructure, enabling efficient scaling and resource usage. Serverless shifts to the cloud provider the burden of managing servers and scaling, enabling developers to focus solely on writing the code for the functionalities specific to a given architecture. In this paper, we introduce Fenrir, a programming framework designed to facilitate the transition from monolithic programming to serverless. Fenrir enables developers to write applications in a monolithic style. Using annotation, users specify which components of the monolith shall implement separate serverless functions. Given these annotations, Fenrir generates a deployable serverless codebase, facilitating quick development and testing cycles while ensuring the alignment of the execution semantics between monolithic and serverless code.
@inbook{DGMTV25,
title = {Towards a Framework for Transitioning from Monolith to Serverless},
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gejsi Vjerdha},
year = 2025,
booktitle = {The Combined Power of Research, Education, and Dissemination: Essays Dedicated to Tiziana Margaria on the Occasion of Her 60th Birthday},
publisher = {Springer Nature Switzerland},
address = {Cham},
pages = {167--182},
doi = {10.1007/978-3-031-73887-6_13},
isbn = {978-3-031-73887-6},
editor = {Mike Hinchey and Bernhard Steffen}
}
We develop a novel approach for run-time global adaptation of microservice applications, based on synthesis of architecture-level reconfigurations. More precisely, we devise an algorithm for proactive-reactive automatic scaling that reaches a target system’s Maximum Computational Load by performing optimal deployment orchestrations. We evaluate our approach by developing a platform for the modelling and simulation of microservice architectures, and we use such a platform to compare local/global and reactive/proactive scaling. Empirical benchmarks, obtained through our platform, show that that proactive global scaling consistently outperforms the reactive approach, but the best performances can be obtained by our original approach for mixing proactivity and reactivity. In particular, our approach surpasses the state-of-the-art when both performance and resource consumption are considered.
@article{BBGGZZ25,
author = {Lorenzo Bacchiani and
Mario Bravetti and
Saverio Giallorenzo and
Maurizio Gabbrielli and
Gianluigi Zavattaro and
Stefano Pio Zingaro},
title = {Proactive-reactive microservice architecture global scaling},
journal = {J. Syst. Softw.},
volume = {220},
pages = {112262},
year = {2025},
doi = {10.1016/J.JSS.2024.112262}
}
We present JoT, a testing framework for Microservice Architectures (MSAs) based on technology agnosticism, a core principle of microservices. The main advantage of JoT is that it reduces the amount of work for a) testing for MSAs whose services use different technology stacks, b) writing tests that involve multiple services, and c) reusing tests of the same MSA under different deployment configurations or after changing some of its components. In JoT, tests are orchestrators that can both consume or offer operations from/to the MSA under test. The language for writing JoT tests is Jolie, which provides constructs that support technology agnosticism and the definition of terse test behaviours.
@article{GMPRU25,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher and
Narongrit Unwerawattana},
title = {JoT: {A} Jolie framework for testing microservices},
journal = {Sci. Comput. Program.},
volume = {240},
pages = {103215},
year = {2025},
doi = {10.1016/J.SCICO.2024.103215}
}
Choreographies provide a clear way to specify the intended communication behaviour of concurrent and distributed systems. Previous theoretical work investigated the translation of choreographies into (models of) programs based on message passing. However, existing theories still present a gap between how they model communications — using channel names à la CCS or π-calculus — and implementations — which use lower-level mechanisms for message routing. We start bridging this gap with a new formal framework called Applied Choreographies. In Applied Choreographies, developers write choreographies in a familiar syntax (from previous work) and reason about their behaviour through simple, abstract name-based communication semantics. The framework offers state-of-the-art features of choreographic models, e.g., modular programming supported via choreographic types. To provide its correctness guarantee, Applied Choreographies comes with a compilation procedure that transforms a choreography into a low-level, implementation-adherent calculus of Service-Oriented Computing (SOC). To manage the complexity of the compilation, we divide its formalisation and proof into three stages, respectively dealing with: (a) the translation of name-based communications into their SOC equivalents, namely, using correlation mechanisms based on message data; (b) the projection of the given choreography into a composition of partial, single-participant choreographies (towards their translation into SOC processes); (c) the translation of partial choreographies and the distribution of global, choreography-level state into local SOC processes. We provide behavioural correspondence results for each stage. Thus, given a choreography specification, we guarantee to synthesise its faithful service-oriented implementation.
@article{GMG24,
title = {A model for correlation-based choreographic programming},
author = {Giallorenzo, Saverio and Montesi, Fabrizio and Gabbrielli, Maurizio},
year = 2024,
month = dec,
volume = 10,
pages = {e1907},
journal = {PeerJ Computer Science},
issn = {2376-5992},
doi = {10.7717/peerj-cs.1907}
}
Software-defined networking and network function virtualization have brought unparalleled flexibility in defining and managing network architectures. With the widespread diffusion of cloud platforms, more resources are available to execute virtual network functions concurrently, but the current approach to defining networks in the cloud development is held back by the lack of tools to manage the composition of more complex flows than simple sequential invocations. In this paper, we advocate for the usage of choreographic programming for defining the multiparty workflows of a network. When applied to the composition of virtual network functions, this approach yields multiple advantages: a single program expresses the behavior of all components, in a way that is easier to understand and check; a compiler can produce the executable code for each component, guaranteeing correctness properties of their interactions such as deadlock freedom; and the bottleneck of a central orchestrator is removed. We describe the proposed approach and show its feasibility via a case study where different functions cooperatively solve a security monitoring task.
@inproceedings{GMMMPP24,
author = {Saverio Giallorenzo and
Jacopo Mauro and
Andrea Melis and
Fabrizio Montesi and
Marco Peressotti and
Marco Prandini},
title = {Choreography-Defined Networks: a Case Study on DoS Mitigation},
booktitle = {Service-Oriented Computing - 22nd International Conference, {ICSOC}
2024, Tunis, Tunisia, December 3 - December 6, 2024, Proceedings},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
year = {2024},
}
We present Jolie Checker Toolchain (JCT), a plugin-based toolchain for model-code consistency and compliance analysis aimed at helping developers ensure that evolving implementations of Jolie microservices remain aligned with their intended architectural design specified with domain- and model-driven engineering approaches like LEMMA and MDSL. One of JCT’s strengths lies in providing a uniform surface for plugin development, based on the analysis of abstract syntax trees, that leverages existing code generation tools, framing checks as correspondence relations between the expected and actual programs. We present two JCT plugins to respectively check the consistency of domain-driven design annotations on Jolie APIs and verify Jolie code conformity to a given LEMMA data model. We illustrate both plugins via a use case drawn from the Lakeside Mutual architecture.
@inproceedings{GMPRSW24,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher and
Sabine Sachweh and
Philip Wizenty},
title = {A Toolchain for Checking Domain- and Model-driven Properties of Jolie Microservices},
booktitle = {Service-Oriented Computing - 22nd International Conference, {ICSOC}
2024, Tunis, Tunisia, December 3 - December 6, 2022, Proceedings},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
year = {2024},
}
Function-as-a-Service (FaaS) is a Serverless Cloud paradigm where a platform manages the execution scheduling (e.g., resource allocation, runtime environments) of stateless functions. Recent developments demonstrate the benefits of using domain-specific languages to express per-function scheduling policies, e.g., enforcing the allocation of functions on nodes that enjoy low data-access latencies thanks to proximity and connection pooling. In this paper, we consider APP, one of the languages proposed to specify Allocation Priority Policies in FaaS implemented on top of the popular OpenWhisk serverless platform. The aim of our operational semantics is twofold: on the one hand, it represents the underlying substrate necessary for the application of formal analysis techniques, on the other hand, it can drive consistent implementations of APP on top of the numerous serverless platforms recently proposed.
@inproceedings{DGMTZ24,
author = {Giuseppe De Palma and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
editor = {Tiziana Margaria and
Bernhard Steffen},
title = {Function-as-a-Service Allocation Policies Made Formal},
booktitle = {Leveraging Applications of Formal Methods, Verification and Validation.
REoCAS Colloquium in Honor of Rocco De Nicola - 12th International
Symposium, ISoLA 2024, Crete, Greece, October 27-31, 2024, Proceedings,
Part {I}},
series = {Lecture Notes in Computer Science},
volume = {15219},
pages = {306--321},
publisher = {Springer},
year = {2024},
doi = {10.1007/978-3-031-73709-1\_19}
}
Function-as-a-Service (FaaS) is a Serverless Cloud paradigm where a platform manages the execution scheduling (e.g., resource allocation, runtime environments) of stateless functions. Recent developments demonstrate the benefits of using domain-specific languages to express per-function scheduling policies, e.g., enforcing the allocation of functions on nodes that enjoy low data-access latencies thanks to proximity and connection pooling. In this paper, we consider APP, one of the languages proposed to specify Allocation Priority Policies in FaaS implemented on top of the popular OpenWhisk serverless platform. The aim of our operational semantics is twofold: on the one hand, it represents the underlying substrate necessary for the application of formal analysis techniques, on the other hand, it can drive consistent implementations of APP on top of the numerous serverless platforms recently proposed.
@inproceedings{DGMTZ24,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
title = {FunLess: Functions-as-a-Service for Private Edge Cloud Systems},
booktitle = {{IEEE} International Conference on Web Services, {ICWS} 2024, Shenzhen,
China, July 7-13, 2024},
pages = {961--967},
publisher = {{IEEE}},
year = {2024},
doi = {10.1109/ICWS62655.2024.00114}
}
Choreographic Programming (CP) is a language paradigm whereby software artefacts, called choreographies, specify the behaviour of communicating participants. Choreographic programming is famous for its correctness-by-construction approach to the development of concurrent, distributed systems. In this paper, we illustrate FaaSChal, a proposal for a CP language tailored for the case of serverless Function-as-a-Service (FaaS). In FaaS, developers define a distributed architecture as a collection of stateless functions, leaving to the serverless platform the management of deployment and scaling. We provide a first account of a CP language tailored for the FaaS case via examples that present some of its relevant features, including projection. In addition, we showcase a novel application of CP. We use the choreography as a source to extract information on the infrastructural relations among functions so that we can synthesise policies that strive to minimise their latency while guaranteeing the respect of user-defined constraints.
@unpublished{DGMTZ24,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
note = {Presented at 1st International Workshop on Choreographic Programming, {CP2024}, Copenhagen, Denmark, 24 June 2024},
title = {Towards a Function-as-a-Service Choreographic Programming Language: Examples and Applications},
year = {2024}
}
The Topology-aware Allocation Priority Policies (tAPP) language allows users of serverless platforms to orient the scheduling of their functions w.r.t. the topological properties of the available computation nodes. A tAPP-based platform can support multiple scheduling policies, which one would usually enforce via (brittle) ad-hoc multi-instance platform deployments.
@InProceedings{DGMTZ24,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
editor = {Ilaria Castellani and
Francesco Tiezzi},
title = {An OpenWhisk Extension for Topology-Aware Allocation Priority Policies},
booktitle = {Coordination Models and Languages - 26th {IFIP} {WG} 6.1 International
Conference, {COORDINATION} 2024, Held as Part of the 19th International
Federated Conference on Distributed Computing Techniques, DisCoTec
2024, Groningen, The Netherlands, June 17-21, 2024, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {14676},
pages = {201--218},
publisher = {Springer},
year = {2024},
doi = {10.1007/978-3-031-62697-5\_11}
}
Choreographies are coordination plans for concurrent and distributed systems, which define the roles of the involved participants and how they are supposed to work together. In the paradigm of choreographic programming, choreographies are programs that can be compiled into executable implementations. In this article, we present Choral, the first choreographic programming language based on mainstream abstractions. The key idea in Choral is a new notion of data type, which allows for expressing that data is distributed over different roles. We use this idea to reconstruct the paradigm of choreographic programming through object-oriented abstractions. Choreographies are classes, and instances of choreographies are objects with states and behaviours implemented collaboratively by roles. Choral comes with a compiler that, given a choreography, generates an implementation for each of its roles. These implementations are libraries in pure Java, whose types are under the control of the Choral programmer. Developers can then modularly compose these libraries in their programs, to participate correctly in choreographies. Choral is the first incarnation of choreographic programming offering such modularity, which finally connects more than a decade of research on the paradigm to practical software development. The integration of choreographic and object-oriented programming yields other powerful advantages, where the features of one paradigm benefit the other in ways that go beyond the sum of the parts. On the one hand, the high-level abstractions and static checks from the world of choreographies can be used to write concurrent and distributed object-oriented software more concisely and correctly. On the other hand, we obtain a much more expressive choreographic language from object-oriented abstractions than in previous work. This expressivity allows for writing more reusable and flexible choreographies. For example, object passing makes Choral the first higher-order choreographic programming language, whereby choreographies can be parameterised over other choreographies without any need for central coordination. We also extend method overloading to a new dimension: specialisation based on data location. Together with subtyping and generics, this allows Choral to elegantly support user-defined communication mechanisms and middleware.
@article{GMP24,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti},
title = {Choral: Object-oriented Choreographic Programming},
journal = {{ACM} Trans. Program. Lang. Syst.},
volume = {46},
number = {1},
pages = {1:1--1:59},
year = {2024},
doi = {10.1145/3632398}
}
Crypto-ransomware aims at extorting money from users by encrypting their files and asking them to pay for the decryption key. We present Ranflood; a configurable drop-in solution that contrasts ransomware attacks with a deluge of decoy files at specific locations (e.g., sensitive folders of the user, the attack site), deceiving the attacker into encrypting sacrificial files. Ranflood further slows down the attack by contending with the malware access to IO and computation resources of the targeted machine. The aim is to buy time for the defence team to take action (e.g., manually shutting down an unresponsive machine). We show how the extensibility and modularity of Ranflood’s software architecture (1) can accommodate a wide spectrum of flooding strategies, easing the process of improving its effectiveness also against future ransomware families and (2) strive to maximise the tool’s efficiency by exploiting the highest level of parallelism afforded by the attacked machine.
@article{BGAMP2024,
author = {Davide Berardi and
Saverio Giallorenzo and
Andrea Melis and
Simone Melloni and
Marco Prandini},
title = {Ranflood: {A} mitigation tool based on the principles of data flooding
against ransomware},
journal = {SoftwareX},
volume = {25},
pages = {101605},
year = {2024},
doi = {10.1016/J.SOFTX.2023.101605}
}
We discuss an integrated approach for the design, specification, automatic deployment and simulation of microservice-based applications based on the ABS language. In particular, the integration of architectural modeling inspired by TOSCA (component types/port dependencies/architectural invariants) into the ABS language (static and dynamic aspects of ABS, including component properties, e.g., speed, and their use in timed/probabilistic simulations) via dedicated annotations. This is realized by the integration of the ABS toolchain with a dedicated tool, called Timed SmartDepl. Such a tool, at ABS code compile time, solves (starting from the provided architectural specification) the optimal deployment problem and produces ABS deployment orchestrations to be used in the context of timed simulations. Moreover, the potentialities and the expressive power of this approach are confirmed by further integration with external tools, e.g.: the Zephyrus tool, used by Timed SmartDepl to solve the optimal deployment problem via constraint solving, and a machine learning-based predictive module, that generates in advance data to be used in a timed ABS simulation exploiting such predicted data (e.g., simulating the usage, during the day, of predicted data generated during the preceding night).
@incollection{BBGMZ24,
author = {Lorenzo Bacchiani and
Mario Bravetti and
Saverio Giallorenzo and
Jacopo Mauro and
Gianluigi Zavattaro},
editor = {Frank S. de Boer and
Ferruccio Damiani and
Reiner H{\"{a}}hnle and
Einar Broch Johnsen and
Eduard Kamburjan},
title = {Integrated Timed Architectural Modeling/Execution Language},
booktitle = {Active Object Languages: Current Research Trends},
series = {Lecture Notes in Computer Science},
volume = {14360},
pages = {169--198},
publisher = {Springer},
year = {2024},
doi = {10.1007/978-3-031-51060-1\_7}
}
Function as a service (FaaS) is a serverless cloud execution model offering cost-efficiency, scalability, and simplified development by enabling developers to focus on code and delegate server management and application scaling to the serverless platform. Early FaaS implementations provided no control to users over function placement, but raising data locality-bound scenarios motivated new implementations with user-defined constraints over function allocations, e.g., to keep functions accessing a database close to the latter, with the aim of reducing latency, enhancing security, or complying with regulations. In this article, we show how, by leveraging the Allocation Priority Policies languageused for controlling function schedulingand state-of-the-art planning tools, it is possible to enforce security properties and data-locality constraints, thereby guiding the definition of fine-grained serverless scheduling policies.
@article{DGMTZ23,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
title = {Formally Verifying Function Scheduling Properties in Serverless Applications},
journal = {{IT} Prof.},
volume = {25},
number = {6},
pages = {94--99},
year = {2023},
doi = {10.1109/MITP.2023.3333071},
}
State-of-the-art serverless platforms use hard-coded scheduling policies that hardly accommodate users in implementing functional or performance-related scheduling logic of their functions, e.g., preserving the execution of critical functions within some geographical boundaries or minimising data-access latencies. We addressed this problem by introducing {APP}: a declarative language for defining per-function scheduling policies which we also implemented as an extension of the open-source OpenWhisk serverless platform. Here, we present a gentle introduction to {APP} through an illustrative application developed over several incremental steps.
@InProceedings{DGMTZ23,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
editor = {Gokila Dorai and
Maurizio Gabbrielli and
Giulio Manzonetto and
Aomar Osmani and
Marco Prandini and
Gianluigi Zavattaro and
Olaf Zimmermann},
title = {Custom Serverless Function Scheduling Policies: An {APP} Tutorial},
booktitle = {Joint Post-proceedings of the Third and Fourth International Conference
on Microservices, Microservices 2020/2022, May 10-12, 2022, Paris,
France},
series = {OASIcs},
volume = {111},
pages = {5:1--5:16},
publisher = {Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik},
year = {2022},
doi = {10.4230/OASICS.MICROSERVICES.2020-2022.5}
}
We formally define and implement a translation of domain and service models expressed in the LEMMA modelling ecosystem for microservice architectures to source code in the Jolie microservice programming language. Specifically, our work extends previous efforts on the generation of Jolie code to the inclusion of the LEMMA service modelling layer. We also contribute an implementation of our translation, given as an extension of the LEMMA2Jolie tool, which enables the practical application of our encoding. As a result, LEMMA2Jolie now supports a software development process whereby microservice architectures can first be designed by microservice developers in collaboration with domain experts in LEMMA, and then be automatically translated into Jolie APIs. Our tool can thus be used to enhance productivity and improve design adherence.
@InProceedings{GMPR23,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher},
editor = {Gokila Dorai and
Maurizio Gabbrielli and
Giulio Manzonetto and
Aomar Osmani and
Marco Prandini and
Gianluigi Zavattaro and
Olaf Zimmermann},
title = {Model-Driven Code Generation for Microservices: Service Models},
booktitle = {Joint Post-proceedings of the Third and Fourth International Conference
on Microservices, Microservices 2020/2022, May 10-12, 2022, Paris,
France},
series = {OASIcs},
volume = {111},
pages = {6:1--6:17},
publisher = {Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik},
year = {2022},
doi = {10.4230/OASICS.MICROSERVICES.2020-2022.6}
}
This textbook is a thorough, up-to-date introduction to the principles and techniques that guide the design and implementation of modern programming languages.
The goal of the book is to provide the basis for a critical understanding of most modern programming languages. Thus, rather than focusing on a specific language, the book identifies the most important principles shared by large classes of languages. The notion of ‘abstract machine’ is a unifying concept that helps to maintain an accurate and elementary treatment. The book introduces, analyses in depth, and compares the imperative, object-oriented, functional, logic, concurrent, constraint-based, and service-oriented programming paradigms. All material coming from the first English edition has been updated and extended, clarifying some tricky points, and discussing newer programming languages. This second edition contains new chapters dedicated to constraint, concurrent, and service-oriented programming.
Topics and features:
Requires familiarity with one programming language is a prerequisite Provides a chapter on history offering context for most of the constructs in use today
@book{GMG23,
author = {Maurizio Gabbrielli and
Simone Martini and
Saverio Giallorenzo},
title = {Programming Languages: Principles and Paradigms, Second Edition},
series = {Undergraduate Topics in Computer Science},
publisher = {Springer},
year = {2023},
doi = {10.1007/978-3-031-34144-1},
isbn = {978-3-031-34143-4}
}
The serverless paradigm offers benefits such as time savings and cost efficiency by delegating resource allocation and scaling to the platform. However, as the number of functions and interactions grows, the complexity of reasoning about the implementation correctness increases. Traditional monolithic development provides a more linear and simpler programming experience, with established best practices and tools for various development phases. From this observation, we propose Fenrir, an open-source programming framework for programming serverless applications managed as a monolithic codebase. Developers write applications in a monolithic style and then annotate specific parts that should be deployed as separate serverless functions, along with their corresponding call events. The Fenrir compiler uses these annotations to generate a correct-by-construction deployable serverless codebase that adheres to the source program’s execution semantics. This approach enables quick development and testing cycles, ensuring that the serverless application behaves as intended. We outline the main features of the Fenrir framework, including its annotation constructors and compilation pipeline, and briefly illustrate how Fenrir works with examples.
@unpublished{DGVT23,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Matteo Trentin and
Gejsi Vjerdha},
note = {Presented at 4th International Conference on Microservices, Microservices 2023, Pisa, Italy, 10--11 October 2023},
title = {A Framework for Bridging the Gap between Monolithic and Serverless Programming},
year = {2023}
}
Current proprietary and open-source serverless platforms follow opinionated, hardcoded scheduling policies to deploy the functions to be executed over the available workers. Such policies may decrease the performance and the security of the application due to locality issues (e.g., functions executed by workers far from the databases to be accessed). These limitations are partially overcome by the adoption of APP, a new platform-agnostic declarative language that allows serverless platforms to support multiple scheduling logics. Defining the ``right’’ scheduling policy in APP is far from being a trivial task since it often requires rounds of refinement involving knowledge of the underlying infrastructure, guesswork, and empirical testing. In this paper, we start investigating how information derived from static analysis could be incorporated into APP scheduling function policies to help users select the best-performing workers at function allocation. We substantiate our proposal by presenting a pipeline able to extract cost equations from functions’ code, synthesising cost expressions through the usage of off-the-shelf solvers, and extending APP allocation policies to consider this information.
@inproceedings{DGLMTZ23,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Cosimo Laneve and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
editor = {Maurice H. ter Beek and
Clemens Dubslaff},
title = {Serverless Scheduling Policies based on Cost Analysis},
booktitle = {Proceedings of the First Workshop on Trends in Configurable Systems
Analysis, TiCSA@ETAPS 2023, Paris, France, 23rd April 2023},
series = {{EPTCS}},
volume = {392},
pages = {40--52},
year = {2023},
doi = {10.4204/EPTCS.392.3}
}
Ransomware is one of the most infamous kinds of malware, particularly the “crypto” subclass, which encrypts users’ files, asking for some monetary ransom in exchange for the decryption key. Recently, crypto-ransomware grew into a scourge for enterprises and governmental institutions. The most recent and impactful cases include an oil company in the US, an international Danish shipping company, and many hospitals and health departments in Europe. Attacks result in production lockdowns, shipping delays, and even risks to human lives. To contrast ransomware attacks (crypto, in particular), we propose a family of solutions, called Data Flooding against Ransomware, tackling the main phases of detection, mitigation, and restoration, based on a mix of honeypots, resource contention, and moving target defence. These solutions hinge on detecting and contrasting the action of ransomware by flooding specific locations (e.g., the attack location, sensible folders, etc.) of the victim’s disk with files. Besides the abstract definition of this family of solutions, we present an open-source tool that implements the mitigation and restoration phases, called Ranflood. In particular, Ranflood supports three flooding strategies, apt for different attack scenarios. At its core, Ranflood buys time for the user to counteract the attack, e.g., to access an unresponsive, attacked server and shut it down manually. We benchmark the efficacy of Ranflood by performing a thorough evaluation over 6 crypto-ransomware (e.g., WannaCry, LockBit) for a total of 78 different attack scenarios, showing that Ranflood consistently lowers the amount of files lost to encryption.
@article{BGMMOP23,
title = {Data Flooding against Ransomware: Concepts and Implementations},
author = {Davide Berardi and
Saverio Giallorenzo and
Andrea Melis and
Simone Melloni and
Loris Onori and
Marco Prandini},
journal = {Computers & Security},
pages = {103295},
year = {2023},
issn = {0167-4048},
doi = {https://doi.org/10.1016/j.cose.2023.103295},
}
We introduce LEMMA2Jolie, a tool for translating domain models of microservice architectures given in LEMMA into concrete APIs of microservices in the Jolie programming language. Our tool combines the state of the art for the design and implementation of microservices: developers can use Domain-Driven Design (DDD) for the construction of the domain models of a microservice architecture, and then automatically transition to a service-oriented programming language that provides native linguistic support for implementing the behaviour of each microservice.
@article{GMPR23,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher},
title = {LEMMA2Jolie: {A} tool to generate microservice APIs from domain models},
journal = {Sci. Comput. Program.},
volume = {228},
pages = {102956},
year = {2023},
doi = {10.1016/j.scico.2023.102956}
}
We present JoT, a testing framework for Microservice Architectures (MSAs) based on technology agnosticism, a core principle of microservices. The main advantage of JoT is that it reduces the amount of work for a) testing for MSAs whose services use different technology stacks, b) writing tests that involve multiple services, and c) reusing tests of the same MSA under different deployment configurations or after changing some of its components (e.g., when, for performance, one reimplements a service with a different technology). In JoT, tests are orchestrators that can both consume or offer operations from/to the MSA under test. The language for writing JoT tests is Jolie, which provides constructs that support technology agnosticism and the definition of terse test behaviours. We present the methodology we envision for testing MSAs with JoT and we validate it by implementing non-trivial test scenarios taken from a reference MSA from the literature (Lakeside Mutual).
@inproceedings{GMPRU23,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher and
Narongrit Unwerawattana},
editor = {Sung{-}Shik Jongmans and
Ant{\'{o}}nia Lopes},
title = {JoT: {A} Jolie Framework for Testing Microservices},
booktitle = {Coordination Models and Languages - 25th {IFIP} {WG} 6.1 International
Conference, {COORDINATION} 2023, Held as Part of the 18th International
Federated Conference on Distributed Computing Techniques, DisCoTec
2023, Lisbon, Portugal, June 19-23, 2023, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {13908},
pages = {172--191},
publisher = {Springer},
year = {2023},
doi = {10.1007/978-3-031-35361-1\_10}
}
In this work, we focus on by-design global scaling, a technique that, given a functional specification of a microservice architecture, orchestrates the scaling of all its components, avoiding cascading slowdowns typical of uncoordinated, mainstream autoscaling. State-of-the-art by-design global scaling adopts a reactive approach to traffic fluctuations, undergoing inefficiencies due to the reaction overhead. Here, we tackle this problem by proposing a proactive version of by-design global scaling able to anticipate future scaling actions. We provide four contributions in this direction: i) a platform able to host both reactive and proactive global scaling; ii) a proactive implementation based on data analytics; iii) a hybrid solution that mixes reactive and proactive scaling; iv) use cases and empirical benchmarks, obtained through our platform, that compare reactive, proactive, and hybrid global scaling performance. From our comparison, proactive global scaling consistently outperforms reactive, while the hybrid solution is the best-performing one.
@inproceedings{BBGGZZ22,
author = {Lorenzo Bacchiani and
Mario Bravetti and
Maurizio Gabbrielli and
Saverio Giallorenzo and
Gianluigi Zavattaro and
Stefano Pio Zingaro},
editor = {Javier Troya and
Brahim Medjahed and
Mario Piattini and
Lina Yao and
Pablo Fern{\'{a}}ndez and
Antonio Ruiz{-}Cort{\'{e}}s},
title = {Proactive-Reactive Global Scaling, with Analytics},
booktitle = {Service-Oriented Computing - 20th International Conference, {ICSOC}
2022, Seville, Spain, November 29 - December 2, 2022, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {13740},
pages = {237--254},
publisher = {Springer},
year = {2022},
doi = {10.1007/978-3-031-20984-0\_16}
}
The adoption of edge and fog systems, along with the introduction of privacy-preserving regulations, compel the usage of tools for expressing complex data queries in an ephemeral way. That is, queried data should not persist. Database engines partially address this need, as they provide domain-specific languages for querying data. Unfortunately, using a database in an ephemeral setting has inessential issues related to throughput bottlenecks, scalability, dependency management, and security (e.g., query injection). Moreover, databases can impose specific data structures and data formats, which can hinder the development of microservice architectures that integrate heterogeneous systems and handle semi-structured data. In this article, we present Jolie/Tquery, the first query framework designed for ephemeral data handling in microservices. Jolie/Tquery joins the benefits of a technology-agnostic, microservice-oriented programming language, Jolie, and of one of the most widely-used query languages for semi-structured data in microservices, the MongoDB aggregation framework. To make Jolie/Tquery reliable for the users, we follow a cleanroom software engineering process. First, we define Tquery, a theory for querying semi-structured data compatible with Jolie and inspired by a consistent variant of the key operators of the MongoDB aggregation framework. Then, we describe how we implemented Jolie/Tquery following Tquery and how the Jolie type system naturally captures the syntax of Tquery and helps to preserve its invariants. To both illustrate Tquery and Jolie/Tquery, we present the use case of a medical algorithm and build our way to a microservice that implements it using Jolie/Tquery. Finally, we report microbenchmarks that validate the expectation that, in the ephemeral case, using Jolie/Tquery outperforms using an external database (MongoDB, specifically).
@article{GMSZ22,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Larisa Safina and
Stefano Pio Zingaro},
title = {Ephemeral data handling in microservices with Tquery},
journal = {PeerJ Comput. Sci.},
volume = {8},
pages = {e1037},
year = {2022},
doi = {10.7717/peerj-cs.1037},
}
State-of-the-art serverless platforms use hard-coded scheduling policies that are unaware of the possible topological constraints of functions. Considering these constraints when scheduling functions leads to sensible performance improvements, e.g., minimising loading times or data-access latencies. This issue becomes more pressing when considered in the emerging multi-cloud and edge-cloud-continuum systems, where only specific nodes can access specialised, local resources. To address this problem, we present a declarative language for defining serverless scheduling policies to express constraints on topologies of schedulers and execution nodes. We implement our approach as an extension of the OpenWhisk platform.
@inproceedings{DGMTZ22,
author = {Giuseppe {De Palma} and
Saverio Giallorenzo and
Jacopo Mauro and
Matteo Trentin and
Gianluigi Zavattaro},
editor = {Claudio Agostino Ardagna and
Nimanthi L. Atukorala and
Boualem Benatallah and
Athman Bouguettaya and
Fabio Casati and
Carl K. Chang and
Rong N. Chang and
Ernesto Damiani and
Chirine Ghedira Guegan and
Robert Ward and
Fatos Xhafa and
Xiaofei Xu and
Jia Zhang},
title = {A Declarative Approach to Topology-Aware Serverless Function-Execution Scheduling},
booktitle = {{IEEE} International Conference on Web Services, {ICWS} 2022, Barcelona,
Spain, July 10-16, 2022},
pages = {337--342},
publisher = {{IEEE}},
year = {2022},
doi = {10.1109/ICWS55610.2022.00056},
}
We formally define and implement a translation from domain models in the LEMMA modelling framework to microservice APIs in the Jolie programming language. Our tool enables a software development process whereby microservice architectures can first be designed with the leading method of Domain-Driven Design, and then corresponding data types and service interfaces (APIs) in Jolie are automatically generated. Developers can extend and use these APIs as guides in order to produce compliant implementations. Our tool thus contributes to enhancing productivity and improving the design adherence of microservices.
@inproceedings{GMPR22,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher},
editor = {Maurice H. ter Beek and
Marjan Sirjani},
title = {Model-Driven Generation of Microservice Interfaces: From {LEMMA} Domain
Models to Jolie APIs},
booktitle = {Coordination Models and Languages - 24th {IFIP} {WG} 6.1 International
Conference, {COORDINATION} 2022, Held as Part of the 17th International
Federated Conference on Distributed Computing Techniques, DisCoTec
2022, Lucca, Italy, June 13-17, 2022, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {13271},
pages = {223--240},
publisher = {Springer},
year = {2022},
doi = {10.1007/978-3-031-08143-9\_13},
}
Increased levels of digitalization in society expose companies to new security threats, requiring them to establish adequate security and privacy measures. Additionally, the presence of exogenous forces like new regulations, e.g., GDPR and the global COVID-19 pandemic, pose new challenges for companies that should preserve an adequate level of security while having to adapt to change. In this paper, we investigate such challenges through a two-phase study in companies located in Denmarka country characterized by a high level of digitalizationfocusing on software development and tech-related companies. Our results show a number of issues, most notably i) a misalignment between software developers and management when it comes to the implementation of security and privacy measures, ii) difficulties in adapting company practices in light of implementing GDPR compliance, and iii) different views on the need to adapt security measures to cope with the COVID-19 pandemic.
@inproceedings{DGKMP22,
author = {Asmita Dalela and
Saverio Giallorenzo and
Oksana Kulyk and
Jacopo Mauro and
Elda Paja},
title = {A Study on Security and Privacy Practices in Danish Companies},
booktitle = {Usable Security and Privacy ({USEC}) Symposium 2022 - {NDSS} 2022 Workshops, San Diego, USA, April 28, 2022},
year = {2022},
}
Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publicationsat the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.
@article{BGMMMP22,
author = {Davide Berardi and
Saverio Giallorenzo and
Jacopo Mauro and
Andrea Melis and
Fabrizio Montesi and
Marco Prandini},
title = {Microservice security: a systematic literature review},
journal = {PeerJ Comput. Sci.},
volume = {8},
pages = {e779},
year = {2022},
doi = {10.7717/peerj-cs.779}
}
DevOps advocates the usage of Virtualization Technologies (VT), such as Virtual Machines and Containers. However, it is complex to predict how the usage of a given VT will impact on the performance of an application. In this paper, we present a collection of reference benchmarks that developers can use to orient when looking for the best-performing VT w.r.t their application profile. To gather our benchmarks in a resource-wise comprehensive and comparable way, we introduce VTmark: a semi-automatic open-source suite that assembles off-the-shelf tools for benchmarking the different resources used by applications (CPU, RAM, etc.). After performing a survey of VTs in the market, we use VTmark to report the benchmarks of 6 of the most widely adopted and popular ones, namely Docker, KVM, Podman, VMWare Workstation, VirtualBox, and Xen. To validate the accuracy of our reference benchmarks, we show how they correlate with the profile performance of a production-grade application ported and deployed on the considered VTs. Beyond our immediate results, VTmark let us shed light on some contradicting findings in the related literature and, by releasing VTmark , we provide DevOps with an open-source, extendable tool to assess the (resource-wise) costs of VTs.
@article{GMPS21,
author = {Saverio Giallorenzo and
Jacopo Mauro and
Martin Gyde Poulsen and
Filip Siroky},
title = {Virtualization Costs: Benchmarking Containers and Virtual Machines
Against Bare-Metal},
journal = {{SN} Comput. Sci.},
volume = {2},
number = {5},
pages = {404},
year = {2021},
doi = {10.1007/s42979-021-00781-8}
}
Choreographic languages aim to express multiparty communication protocols, by providing primitives that make interaction manifest. Multitier languages enable programming computation that spans across several tiers of a distributed system, by supporting primitives that allow computation to change the location of execution. Rooted into different theoretical underpinningsrespectively process calculi and lambda calculusthe two paradigms have been investigated independently by different research communities with little or no contact. As a result, the link between the two paradigms has remained hidden for long. In this paper, we show that choreographic languages and multitier languages are surprisingly similar. We substantiate our claim by isolating the core abstractions that differentiate the two approaches and by providing algorithms that translate one into the other in a straightforward way. We believe that this work paves the way for joint research and cross-fertilisation among the two communities.
@inproceedings{GMPRSW21,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
David Richter and
Guido Salvaneschi and
Pascal Weisenburger},
editor = {Anders M{\o}ller and
Manu Sridharan},
title = {Multiparty Languages: The Choreographic and Multitier Cases (Pearl)},
booktitle = {35th European Conference on Object-Oriented Programming, {ECOOP} 2021,
July 11-17, 2021, Aarhus, Denmark (Virtual Conference)},
series = {LIPIcs},
volume = {194},
pages = {22:1--22:27},
publisher = {Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik},
year = {2021},
doi = {10.4230/LIPIcs.ECOOP.2021.22}
}
In microservices, Model-Driven Engineering (MDE) has emerged as a powerful methodology for architectural design. Independently, the community of programming languages has investigated new linguistic abstractions for effective microservice development. Here, we present the first preliminary study of how the two approaches can cross-pollinate, taking the LEMMA framework and the Jolie programming language as respective representatives. We establish a common ground for comparing the two technologies in terms of metamodels, discuss practical enhancements that can be derived from the comparison, and present some directions for future work that arise from our new viewpoint.
@inproceedings{GMPRS21,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher and
Sabine Sachweh},
editor = {Ferruccio Damiani and
Ornela Dardha},
title = {Jolie and {LEMMA:} Model-Driven Engineering and Programming Languages
Meet on Microservices},
booktitle = {Coordination Models and Languages - 23rd {IFIP} {WG} 6.1 International
Conference, {COORDINATION} 2021, Held as Part of the 16th International
Federated Conference on Distributed Computing Techniques, DisCoTec
2021, Valletta, Malta, June 14-18, 2021, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {12717},
pages = {276--284},
publisher = {Springer},
year = {2021},
doi = {10.1007/978-3-030-78142-2\_17}
}
We develop a novel approach for run-time global adaptation of microservice applications, based on synthesis of architecture-level reconfiguration orchestrations. More precisely, we devise an algorithm for automatic reconfiguration that reaches a target system Maximum Computational Load by performing optimal deployment orchestrations. To conceive and simulate our approach, we introduce a novel integrated timed architectural modeling/execution language based on an extension of the actor-based object-oriented Abstract Behavioral Specification (ABS) language. In particular, we realize a timed extension of SmartDeployer, whose ABS code annotations make it possible to express architectural properties. Our Timed SmartDeployer tool fully integrates time features of ABS and architectural annotations by generating timed deployment orchestrations. We evaluate the applicability of our approach on a realistic microservice application taken from the literature: an Email Pipeline Processing System. We prove its effectiveness by simulating such an application and by comparing architecture-level reconfiguration with traditional local scaling techniques (which detect scaling needs and enact replications at the level of single microservices). Our comparison results show that our approach avoids cascading slowdowns and consequent increased message loss and latency, which affect traditional local scaling.
@inproceedings{BBGMTZ21,
author = {Lorenzo Bacchiani and
Mario Bravetti and
Saverio Giallorenzo and
Jacopo Mauro and
Iacopo Talevi and
Gianluigi Zavattaro},
editor = {Ferruccio Damiani and
Ornela Dardha},
title = {Microservice Dynamic Architecture-Level Deployment Orchestration},
booktitle = {Coordination Models and Languages - 23rd {IFIP} {WG} 6.1 International
Conference, {COORDINATION} 2021, Held as Part of the 16th International
Federated Conference on Distributed Computing Techniques, DisCoTec
2021, Valletta, Malta, June 14-18, 2021, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {12717},
pages = {257--275},
publisher = {Springer},
year = {2021},
doi = {10.1007/978-3-030-78142-2\_16}
}
Serverless computing is a paradigm for programming cloud applications in terms of stateless functions, executed and scaled in proportion to inbound requests. Here, we revisit SKC, a calculus capturing the essential features of serverless programming. By exploring the design space of the language, we refined the integration between the fundamental features of the two calculi that inspire SKC: the lambda- and the pi-calculus. That investigation led us to a revised syntax and semantics, which support an increase in the expressiveness of the language. In particular, now function names are first-class citizens and can be passed around. To illustrate the new features, we present step-by-step examples and two non-trivial use cases from artificial intelligence, which model, respectively, a perceptron and an image tagging system into compositions of serverless functions. We also illustrate how SKC supports reasoning on serverless implementations, i.e., the underlying network of communicating, concurrent, and mobile processes which execute serverless functions in the cloud. To that aim, we show an encoding from SKC to the asynchronous pi-calculus and prove it correct in terms of an operational correspondence.
@inproceedings{GLMSZ20,
author = {Saverio Giallorenzo and
Ivan Lanese and
Fabrizio Montesi and
Davide Sangiorgi and
Stefano Pio Zingaro},
editor = {Frank S. de Boer and
Jacopo Mauro},
title = {The Servers of Serverless Computing: {A} Formal Revisitation of Functions
as a Service},
booktitle = {Recent Developments in the Design and Implementation of Programming
Languages, Gabbrielli's Festschrift, November 27, 2020, Bologna, Italy},
series = {OASIcs},
volume = {86},
pages = {5:1--5:21},
publisher = {Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik},
year = {2020},
doi = {10.4230/OASICS.GABBRIELLI.5}
}
Following previous work on the automated deployment of component-based applications, we present a formal model specifically tailored for reasoning on the deployment of microservice architectures. The first result that we present is a formal proof of decidability of the problem of synthesizing optimal deployment plans for microservice architectures, a problem which was proved to be undecidable for generic component-based applications. Then, given that such proof translates the deployment problem into a constraint satisfaction problem, we present the implementation of a tool that, by exploiting state-of-the-art constraint solvers, can be used to actually synthesize optimal deployment plans. We evaluate the applicability of our tool on a realistic microservice architecture taken from the literature.
@incollection{BGMTZ20,
author = {Mario Bravetti and
Saverio Giallorenzo and
Jacopo Mauro and
Iacopo Talevi and
Gianluigi Zavattaro},
editor = {Antonio Bucchiarone and
Nicola Dragoni and
Schahram Dustdar and
Patricia Lago and
Manuel Mazzara and
Victor Rivera and
Andrey Sadovykh},
title = {A Formal Approach to Microservice Architecture Deployment},
booktitle = {Microservices, Science and Engineering},
pages = {183--208},
publisher = {Springer},
year = {2020},
doi = {10.1007/978-3-030-31646-4\_8}
}
Serverless computing is a Cloud development paradigm where developers write and compose stateless functions, abstracting from their deployment and scaling. In this paper, we address the problem of function-execution scheduling, i.e., how to schedule the execution of Serverless functions to optimise their performance against some user-defined goals. We introduce a declarative language of Allocation Priority Policies (APP) to specify policies that inform the scheduling of function execution. We present a prototypical implementation of APP as an extension of Apache OpenWhisk and we validate it by i) implementing a use case combining IoT, Edge, and Cloud Computing and ii) by comparing its performance to an alternative implementation that uses vanilla OpenWhisk.
@inproceedings{DGMZ20,
author = {Giuseppe De Palma and
Saverio Giallorenzo and
Jacopo Mauro and
Gianluigi Zavattaro},
editor = {Eleanna Kafeza and
Boualem Benatallah and
Fabio Martinelli and
Hakim Hacid and
Athman Bouguettaya and
Hamid Motahari},
title = {Allocation Priority Policies for Serverless Function-Execution Scheduling
Optimisation},
booktitle = {Service-Oriented Computing - 18th International Conference, {ICSOC}
2020, Dubai, United Arab Emirates, December 14-17, 2020, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {12571},
pages = {416--430},
publisher = {Springer},
year = {2020},
doi = {10.1007/978-3-030-65310-1\_29}
}
@proceedings{microservices2019,
editor = {{Lu{\'{\i}}s} {Cruz{-}Filipe} and
Saverio Giallorenzo and
Fabrizio Montesi and
Marco Peressotti and
Florian Rademacher and
Sabine Sachweh},
title = {Joint Post-proceedings of the First and Second International Conference
on Microservices, Microservices 2017/2019, October 23-27, 2017, Odense,
Denmark / February 19-21, 2019, Dortmund, Germany},
series = {OASIcs},
volume = {78},
publisher = {Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik},
year = {2020},
isbn = {978-3-95977-137-5},
}
@inproceedings{BGMTZ19,
author = {Mario Bravetti and
Saverio Giallorenzo and
Jacopo Mauro and
Iacopo Talevi and
Gianluigi Zavattaro},
editor = {Reiner H{\"{a}}hnle and
Wil M. P. van der Aalst},
title = {Optimal and Automated Deployment for Microservices},
booktitle = {Fundamental Approaches to Software Engineering - 22nd International
Conference, {FASE} 2019, Held as Part of the European Joint Conferences
on Theory and Practice of Software, {ETAPS} 2019, Prague, Czech Republic,
April 6-11, 2019, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {11424},
pages = {351--368},
publisher = {Springer},
year = {2019},
doi = {10.1007/978-3-030-16722-6\_21}
}
The Internet of Things (IoT) advocates for multi-layered platformsfrom edge devices to Cloud nodeswhere each layer adopts its own communication standards (media and data formats). While this freedom is optimal for in-layer communication, it puzzles cross-layer integration due to incompatibilities among standards. Also enforcing a unique communication stack within the same IoT platform is not a solution, as it leads to the current phenomenon of ``IoT islands’’, where disparate platforms hardly interact with each other. In this paper we tackle the problem of IoT cross-layer and cross-platform integration following a language-based approach. We build on the Jolie programming language, which provides uniform linguistic abstractions to exploit heterogeneous communication stacks, allowing the programmer to specify in a declarative way the desired stack, and to easily change it, even at runtime. Jolie currently supports the main technologies from Service-Oriented Computing, such as TCP/IP, Bluetooth, and RMI at transport level, and HTTP and SOAP at application level. We integrate in Jolie the two most adopted protocols for IoT communication, i.e., CoAP and MQTT. We report our experience on a case study on Cloud-based home automation, and we present high-level concepts valuable both for the general implementation of interoperable systems and for the development of other language-based solutions.
@incollection{GGLZ19,
title = {Linguistic Abstractions for Interoperability of IoT Platforms},
author = {Maurizio Gabbrielli and
Saverio Giallorenzo and
Ivan Lanese and
Stefano Pio Zingaro},
year = 2019,
booktitle = {Towards Integrated Web, Mobile, and IoT Technology},
publisher = {Springer International Publishing},
address = {Cham},
pages = {83--114},
isbn = {978-3-030-28430-5},
editor = {Tim A. Majchrzak and
Cristian Mateos and
Francesco Poggi and
Tor-Morten Gr{\o}nli}
}
Platoon formation is a freight organization system where a group of vehicles follows a predefined trajectory maintaining a desired spatial pattern. Benefits of platooning include fuel savings, reduction of carbon dioxide emissions, and efficient allocation of road capacity. While traditionally platooning has been an exclusive option limited to specific geographical areas managed by a single operator, recent technological developments and EU initiatives are directed at the creation of an international, federated market for platooning, i.e., a consortium of platoon operators that collaborate and coordinate their users to constitute freights covering international routes. In this paper, we look at federated platooning from an insiders’ perspective. In our development, first we outline the basic elements of platooning and federation of platooning operators. Then, we provide a comprehensive analysis to identify the possible insiders (employees, users, operators, and federated members) and the threats they pose. Finally, we propose two layered, composable technical solutions to mitigate those threats: a) a decentralized overlay network that regulates the interactions among the stakeholders, useful to mitigate issues linked to data safety and trustworthiness and b) a dynamic federation platform, needed to monitor and interrupt deviant behaviours of federated members.
@inproceedings{CGGMP19,
author = {Franco Callegati and
Saverio Giallorenzo and
Maurizio Gabbrielli and
Andrea Melis and
Marco Prandini},
editor = {Tung Bui},
title = {Federated Platooning: Insider Threats and Mitigations},
booktitle = {52nd Hawaii International Conference on System Sciences, {HICSS} 2019,
Grand Wailea, Maui, Hawaii, USA, January 8-11, 2019},
pages = {1--10},
publisher = {ScholarSpace},
year = {2019},
url = {https://hdl.handle.net/10125/59758}
}
In Choreographic Programming, a choreography specifies in a single artefact the expected behaviour of all the participants in a distributed system. The choreography is used to synthesise correct-by- construction programs for each participant. In previous work, we defined Dynamic Choreographies to support the update of distributed systems at runtime. In this work, we extend Dynamic Choreographies to include new participants at runtime, capturing those use cases where the system might be updated to interact with new, unforeseen stakeholders. We formalise our extension, prove its correctness, and present an implementation in the AIOCJ choreographic framework.
@inproceedings{GGLM19,
author = {Maurizio Gabbrielli and
Saverio Giallorenzo and
Ivan Lanese and
Jacopo Mauro},
editor = {M{\'{a}}rio S. Alvim and
Kostas Chatzikokolakis and
Carlos Olarte and
Frank Valencia},
title = {Guess Who's Coming: Runtime Inclusion of Participants in Choreographies},
booktitle = {The Art of Modelling Computational Systems: {A} Journey from Logic
and Concurrency to Security and Privacy - Essays Dedicated to Catuscia
Palamidessi on the Occasion of Her 60th Birthday},
series = {Lecture Notes in Computer Science},
volume = {11760},
pages = {118--138},
publisher = {Springer},
year = {2019},
doi = {10.1007/978-3-030-31175-9\_8}
}
Serverless computing, also known as Functions-as-a-Service, is a recent paradigm aimed at simplifying the programming of cloud applications. The idea is that developers design applications in terms of functions, which are then deployed on a cloud infrastructure. The infrastructure takes care of executing the functions whenever requested by remote clients, dealing automatically with distribution and scaling with respect to inbound traffic. While vendors already support a variety of programming languages for serverless computing (e.g. Go, Java, Javascript, Python), as far as we know there is no reference model yet to formally reason on this paradigm. In this paper, we propose the first core formal programming model for serverless computing, which combines ideas from both the lambda-calculus (for functions) and the pi-calculus (for communication). To illustrate our proposal, we model a real-world serverless system. Thanks to our model, we capture limitations of current vendors and formalise possible amendments.
@inproceedings{GGLMPZ19,
author = {Maurizio Gabbrielli and
Saverio Giallorenzo and
Ivan Lanese and
Fabrizio Montesi and
Marco Peressotti and
Stefano Pio Zingaro},
editor = {Hanne Riis Nielson and
Emilio Tuosto},
title = {No More, No Less - {A} Formal Model for Serverless Computing},
booktitle = {Coordination Models and Languages - 21st {IFIP} {WG} 6.1 International
Conference, {COORDINATION} 2019, Held as Part of the 14th International
Federated Conference on Distributed Computing Techniques, DisCoTec
2019, Kongens Lyngby, Denmark, June 17-21, 2019, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {11533},
pages = {148--157},
publisher = {Springer},
year = {2019},
doi = {10.1007/978-3-030-22397-7\_9}
}
Ephemeral data handling, whereby processed data do not persist, is an emerging requirement of connected IT systems, due to storage constraints (IoT) or regulatory demands (eHealth, GDPR). We present ongoing work on TQuery, a query language for ephemeral data handling in microservices.
@inproceedings{GMSZ19,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Larisa Safina and
Stefano Pio Zingaro},
editor = {Elisa Bertino and
Carl K. Chang and
Peter Chen and
Ernesto Damiani and
Michael Goul and
Katsunori Oyama},
title = {Ephemeral Data Handling in Microservices},
booktitle = {2019 {IEEE} International Conference on Services Computing, {SCC}
2019, Milan, Italy, July 8-13, 2019},
pages = {234--236},
publisher = {{IEEE}},
year = {2019},
doi = {10.1109/SCC.2019.00048}
}
Network Function Virtualization (NFV) and Software Defined Networking (SDN) are technologies that recently acquired a great momentum thanks to their promise of being a flexible and cost-effective solution for replacing hardware-based, vendor-dependent network middleboxes with software appliances running on general purpose hardware in the cloud. Delivering end-to-end networking services across multiple NFV/SDN network domains by implementing the so-called Service Function Chain (SFC) i.e., a sequence of Virtual Network Functions (VNF) that composes the service, is a challenging task. In this paper we address two crucial sub-problems of this task: i) the language to formalize the request of a given SFC to the network and ii) the solution of the SFC design problem, once the request is received. As for i) in our solution the request is built upon the intent-based approach, with a syntax that focuses on asking the user what'' she needs and not
how’’ it should be implemented, in a simple and high level language. Concerning ii) we define a formal model describing network architectures and VNF properties that is then used to solve the SFC design problem by means of Constraint Programming (CP), a programming paradigm which is often used in Artificial Intelligence applications. We argue that CP can be effectively used to address this kind of problems because it provides very expressive and flexible modelling languages which come with powerful solvers, thus providing efficient and scalable performance. We substantiate this claim by validating our tool on some typical and non trivial SFC design problems.
@inproceedings{LCCCGG19,
author = {Tong Liu and
Franco Callegati and
Walter Cerroni and
Chiara Contoli and
Maurizio Gabbrielli and
Saverio Giallorenzo},
editor = {Tung Bui},
title = {Constraint Programming for Flexible Service Function Chaining Deployment},
booktitle = {52nd Hawaii International Conference on System Sciences, {HICSS} 2019,
Grand Wailea, Maui, Hawaii, USA, January 8-11, 2019},
pages = {1--10},
publisher = {ScholarSpace},
year = {2019},
url = {https://hdl.handle.net/10125/59640}
}
Mobility-as-a-Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we argue that the economic model of MaaS is that of federations of providers, each trading its resources to coordinate multi-modal solutions for mobility. Such flexibility comes with many security and privacy concerns, of which insider threat is one of the most prominent. In this paper, we revise and extend previous work where we classified the potential threats of individual operators and markets of federated MaaS providers, proposing appropriate countermeasures to mitigate the problems. In addition, we consider the emerging case of Cloud-of-Things (CoT) for mobility, i.e., networks of ubiquitous, pervasive devices that provide real-time data on objects and people. Automation and pervasiveness of CoT make an additional attack surface for insiders. In an effort to limit such phenomenon, we present an overlay networking architecture, based on gossip protocols, that lets users share information on mobility with each other. A peculiarity of the architecture is that it both constrains the quality and quantity of data obtainable by insiders, optimizing the routing of requests to involve only users that are able to answer them.
@article{CGMP18,
author = {Franco Callegati and
Saverio Giallorenzo and
Andrea Melis and
Marco Prandini},
title = {Cloud-of-Things meets Mobility-as-a-Service: An insider threat perspective},
journal = {Comput. Secur.},
volume = {74},
pages = {277--295},
year = {2018},
doi = {10.1016/J.COSE.2017.10.006}
}
The Internet of Things (IoT) promotes the communication among heterogeneous entities, from small sensors to Cloud systems. However, this is realized using a wide range of communication media and data protocols, usually incompatible with each other. Thus, IoT systems tend to grow as homogeneous isolated platforms, which hardly interact. To achieve a higher degree of interoperability among disparate IoT platforms, we propose a language-based approach for communication technology integration. We build on the Jolie programming language, which allows programmers to easily make the same logic work over disparate communication stacks in a declarative, dynamic way. Jolie currently supports the main technologies from Service-Oriented Computing, such as TCP/IP, Bluetooth, and RMI at transport level, and HTTP and SOAP at application level. As technical result, we integrate in Jolie the two most adopted protocols for IoT communication, i.e., CoAP and MQTT. In this paper, we report our experience and we present high-level concepts valuable both for the general implementation of interoperable systems and for the development of other language-based solutions.
@inproceedings{GGLZ18,
author = {Maurizio Gabbrielli and
Saverio Giallorenzo and
Ivan Lanese and
Stefano Pio Zingaro},
editor = {Tung Bui},
title = {A Language-based Approach for Interoperability of IoT Platforms},
booktitle = {51st Hawaii International Conference on System Sciences, {HICSS} 2018,
Hilton Waikoloa Village, Hawaii, USA, January 3-6, 2018},
pages = {1--10},
publisher = {ScholarSpace / {AIS} Electronic Library (AISeL)},
year = {2018}
}
Over the years, organizations acquired disparate software systems, each answering one specific need. Currently, the desirable outcomes of integrating these systems (higher degrees of automation and better system consistency) are often outbalanced by the complexity of mitigating their discrepancies. These problems are magnified in the decentralized setting (e.g., cross-organizational cases) where the integration is usually dealt with ad-hoc ``glue’’ connectors, each integrating two or more systems. Since the overall logic of the integration is spread among many glue connectors, these solutions are difficult to program correctly (making them prone to misbehaviours and system blocks), maintain, and evolve. In response to these problems, we propose ChIP, an integration process advocating choreographic programs as intermediate artefacts to refine high-level global specifications (e.g., UML Sequence Diagrams), defined by the domain experts of each partner, into concrete, distributed implementations. In ChIP, once the stakeholders agree upon a choreographic integration design, they can automatically generate the respective local connectors, which are guaranteed to faithfully implement the described distributed logic. In the paper, we illustrate ChIP with a pilot from the EU EIT Digital project SMAll, aimed at integrating pre-existing systems from government, university, and transport industry.
@inproceedings{GLR18,
author = {Saverio Giallorenzo and
Ivan Lanese and
Daniel Russo},
editor = {Herv{\'{e}} Panetto and
Christophe Debruyne and
Henderik A. Proper and
Claudio Agostino Ardagna and
Dumitru Roman and
Robert Meersman},
title = {ChIP: {A} Choreographic Integration Process},
booktitle = {On the Move to Meaningful Internet Systems. {OTM} 2018 Conferences
- Confederated International Conferences: CoopIS, C{\&}TC, and
{ODBASE} 2018, Valletta, Malta, October 22-26, 2018, Proceedings,
Part {II}},
series = {Lecture Notes in Computer Science},
volume = {11230},
pages = {22--40},
publisher = {Springer},
year = {2018},
doi = {10.1007/978-3-030-02671-4\_2}
}
Choreographic Programming is a paradigm for distributed programming, where high-level ``Alice and Bob’’ descriptions of communications (choreographies) are used to synthesise correct-by-construction programs. However, implementations of choreographic models use message routing technologies distant from their related theoretical models (e.g., CCS/pi channels). This drives implementers to mediate discrepancies with the theory through undocumented, unproven adaptations, weakening the reliability of their implementations. As a solution, we propose the framework of Applied Choreographies (AC). In AC, programmers write choreographies in a language that follows the standard syntax and semantics of previous works. Then, choreographies are compiled to a real-world execution model for Service-Oriented Computing (SOC). To manage the complexity of this task, our compilation happens in three steps, respectively dealing with: implementing name-based communications using the concrete mechanism found in SOC, projecting a choreography to a set of processes, and translating processes to a distributed implementation in terms of services.
@inproceedings{GMG18,
author = {Saverio Giallorenzo and
Fabrizio Montesi and
Maurizio Gabbrielli},
editor = {Christel Baier and
Lu{\'{\i}}s Caires},
title = {Applied Choreographies},
booktitle = {Formal Techniques for Distributed Objects, Components, and Systems
- 38th {IFIP} {WG} 6.1 International Conference, {FORTE} 2018, Held
as Part of the 13th International Federated Conference on Distributed
Computing Techniques, DisCoTec 2018, Madrid, Spain, June 18-21, 2018,
Proceedings},
series = {Lecture Notes in Computer Science},
volume = {10854},
pages = {21--40},
publisher = {Springer},
year = {2018},
doi = {10.1007/978-3-319-92612-4\_2}
}
Programming distributed applications free from communication deadlocks and race conditions is complex. Preserving these properties when applications are updated at runtime is even harder. We present a choreographic approach for programming updatable, distributed applications. We define a choreography language, called Dynamic Interaction-Oriented Choreography (DIOC), that allows the programmer to specify, from a global viewpoint, which parts of the application can be updated. At runtime, these parts may be replaced by new DIOC fragments from outside the application. DIOC programs are compiled, generating code for each participant in a process-level language called Dynamic Process-Oriented Choreographies (DPOC). We prove that DPOC distributed applications generated from DIOC specifications are deadlock free and race free and that these properties hold also after any runtime update. We instantiate the theoretical model above into a programming framework called Adaptable Interaction-Oriented Choreographies in Jolie (AIOCJ) that comprises an integrated development environment, a compiler from an extension of DIOCs to distributed Jolie programs, and a runtime environment to support their execution.
@article{DGGLM17,
author = {Mila {Dalla Preda} and
Maurizio Gabbrielli and
Saverio Giallorenzo and
Ivan Lanese and
Jacopo Mauro},
title = {Dynamic Choreographies: Theory And Implementation},
journal = {Log. Methods Comput. Sci.},
volume = {13},
number = {2},
year = {2017},
doi = {10.23638/LMCS-13(2:1)2017},
}
Multi-modal travelling is a common phenomenon. However, planning multi-modal journeys is still an unstructured and time-consuming experience for customers: they lose time assembling a comprehensive plan out of disparate data, spread over a multitude of information systems each corresponding to a different company responsible for one of the legs in the journey. Also transport operators are affected by the sparsity of the transportation market, as they might lose potential customers who could not find or know about their services. In this paper, we propose Mobility as a Service (MaaS) as a solution to such problems. Key element of MaaS is that MaaS operators can aggregate solutions of multiple providers to deliver dynamic, transparent multi-modal travels to their users, who experience transportation as managed directly by a single operator. However, given the volume and sparsity of the transportation market, we argue that MaaS operators cannot rely on one-to-one, custom contracts of usage with single mobility operators. Instead, we envision the creation of platforms that automatise the marketing of services for mobility among many mobility providers.
In this work, we detail the required features of a general software platform for such a MaaS market. In particular, we provide a precise definition of MaaS through the MaaS Stack a tiered view of the components needed by entities to join the MaaS market. Then, through the lens of the MaaS Stack, we elicit the features of an enabling software platform. Finally, to validate our approach, we present a compliant prototype, called SMAll, and discuss its main design choices, among which: i) how SMAll supports the creation of a federation-based MaaS market and ii) how microservices an emerging architectural style that fosters cohesiveness and minimality of components enhance flexibility and let the platform and the services of its members efficiently scale according to dynamic demands.
@inproceedings{CGGMP17,
author = {Franco Callegati and
Maurizio Gabbrielli and
Saverio Giallorenzo and
Andrea Melis and
Marco Prandini},
title = {Smart mobility for all: {A} global federated market for mobility-as-a-service
operators},
booktitle = {20th {IEEE} International Conference on Intelligent Transportation
Systems, {ITSC} 2017, Yokohama, Japan, October 16-19, 2017},
pages = {1--8},
publisher = {{IEEE}},
year = {2017},
doi = {10.1109/ITSC.2017.8317701}
}
Mobility as a Service (MaaS) applies the everything-as- a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we argue that the economic model of MaaS is that of federations of providers, each trading its resources to coordinate multi-modal solutions for mobility. Such flexibility comes with many security and privacy concerns, of which insider threat is one of the most prominent. In this paper, we follow a tiered structure from individual operators to markets of federated MaaS providers to classify the potential threats of each tier and propose the appropriate countermeasures, in an effort to mitigate the problems.
@inproceedings{CGMP17,
author = {Franco Callegati and
Saverio Giallorenzo and
Andrea Melis and
Marco Prandini},
editor = {Tung Bui},
title = {Insider Threats in Emerging Mobility-as-a-Service Scenarios},
booktitle = {50th Hawaii International Conference on System Sciences, {HICSS} 2017,
Hilton Waikoloa Village, Hawaii, USA, January 4-7, 2017},
pages = {1--10},
publisher = {ScholarSpace / {AIS} Electronic Library (AISeL)},
year = {2017},
url = {https://hdl.handle.net/10125/41477}
}
The microservice architecture is a style inspired by service-oriented computing that has recently started gaining popularity. Before presenting the current state-of-the-art in the field, this chapter reviews the history of software architecture, the reasons that led to the diffusion of objects and services first, and microservices later. Finally, open problems and future challenges are introduced. This survey addresses mostly newcomers to the discipline and offers an academic viewpoint on the topic. In addition, practical aspects are investigated and solutions proposed.
@incollection{DGLMMMS17,
author = {Nicola Dragoni and
Saverio Giallorenzo and
Alberto Lluch{-}Lafuente and
Manuel Mazzara and
Fabrizio Montesi and
Ruslan Mustafin and
Larisa Safina},
editor = {Manuel Mazzara and
Bertrand Meyer},
title = {Microservices: Yesterday, Today, and Tomorrow},
booktitle = {Present and Ulterior Software Engineering},
pages = {195--216},
publisher = {Springer},
year = {2017},
doi = {10.1007/978-3-319-67425-4\_12}
}
This tutorial describes AIOCJ, which stands for Adaptive Interaction Oriented Choreographies in Jolie, a choreographic language for programming microservice-based applications which can be updated at runtime. The compilation of a single AIOCJ program generates the whole set of distributed microservices that compose the application. Adaptation is performed using adaptation rules. Abstractly, each rule replaces a pre-delimited part of the program with the new code contained in the rule itself. Concretely, at runtime, the application of a rule updates part of the microservices that compose the application so to match the behaviour specified by the updated program. Thanks to the properties of choreographies, the adaptive application is free from communication deadlocks and message races even after adaptation.
@incollection{GLMG17,
author = {Saverio Giallorenzo and
Ivan Lanese and
Mauro Jacopo and
Gabbrielli Maurizio},
title = {Programming Adaptive Microservice Applications: An {AIOCJ} Tutorial},
editor = {Gay, Simon and Ravara, Ant{\'o}nio},
publisher = {River Publishers},
isbn = {9781003337331},
doi = {10.1201/9781003337331-7},
booktitle = {Behavioural Types: from Theory to Tools},
year = {2017},
pages = {147-167},
}
Choreographies are a relatively new tool for designing distributed systems from a global viewpoint. Choreographic specifications are also free from deadlocks and race conditions by design. Recent theoretical results defined proper Endpoint Projection (EPP) functions to compile choreographic specifications into their single components. Since EPPs are behavioural preserving, projected systems also enjoy freedom from deadlocks and races by construction.
Aim of this PhD is to formalise non-trivial features of distributed systems with choreographies and to translate our theoretical results into the practice of implemented systems. To this purpose, we provide two main contributions.
The first contribution tackles one of the most challenging features of distributed development: programming correct and consistent runtime updates of distributed systems. Our solution is a theoretical model of dynamic choreographies that provides a clear definition of which components and behaviours can be updated. We prove that compiled choreographic specifications are correct and consistent after any update. We also refine our theoretical model to provide a finer control over updates. On this refinement, we develop a framework for programming adaptable distributed systems.
The second contribution covers one of the main issues of implementing theoretical results on choreographies: formalising the compilation from choreographies to executable programs. There is a sensible departure between the present choreographic frameworks and their theoretical models because their theories abstract communications with synchronisation on names (a la CCS/pi-calculus) yet they compile to Jolie programs, an executable language that uses correlation a renown technology of Service-Oriented Computing for message routing. Our solution is a theory of Applied Choreographies (AC) that models correlation-based message passing. We pinpoint the key theoretical problems and formalise the principles that developers should follow to obtain correct implementations. Finally, we prove our approach by defining a correct compiler from AC to the calculus behind the Jolie language.
@phdthesis{G16,
title = {Real-World Choreographies},
author = {Giallorenzo, Saverio},
year = {2016},
school = {Universit{\`a} degli studi di Bologna}
}
Mobility as a Service takes the concept of XaaS to transportation: a MaaS provider shall merge transport options from different mobility providers, seamlessly handling the whole experience of travelling, from providing information, to travel planning, and payments handling. To effectively support the creation of a market of MaaS providers, we envision the creation of ICT infrastructures based on microservices, a modern and renowned development model that fosters the creation of an ecosystem of reusable components. The flexibility of such platforms is their key advantage, yet it poses many security issues. In this paper, we look at these problems through the lens of our experience on one of such platforms, called SMAll. We classify the most relevant vulnerabilities related to data reliability, integrity, and authenticity, and we investigate directions for their mitigation.
@inproceedings{CGMP16,
author = {Franco Callegati and
Saverio Giallorenzo and
Andrea Melis and
Marco Prandini},
title = {Data security issues in MaaS-enabling platforms},
booktitle = {2nd {IEEE} International Forum on Research and Technologies for Society
and Industry Leveraging a better tomorrow, {RTSI} 2016, Bologna, Italy,
September 7-9, 2016},
pages = {1--5},
publisher = {{IEEE}},
year = {2016},
doi = {10.1109/RTSI.2016.7740624}
}
Microservices is an emerging paradigm for the development of distributed systems that, originating from Service-Oriented Architecture, focuses on the small dimension, the loose coupling, and the dynamic topology of services. Microservices are particularly appropriate for the development of distributed systems in the Cloud. However, their dynamic nature calls for suitable techniques for their automatic deployment. In this paper we address this problem and we propose JRO (Jolie Redeployment Optimiser), a tool for the automatic and optimised deployment of microservices written in the Jolie language. The tool uses Zephyrus, a state of the art tool that automatically generates a fully detailed Service-Oriented Architecture configuration starting from a partial and abstract description of the target application.
@inproceedings{GGGMM16,
author = {Maurizio Gabbrielli and
Saverio Giallorenzo and
Claudio Guidi and
Jacopo Mauro and
Fabrizio Montesi},
editor = {Erika {\'{A}}brah{\'{a}}m and
Marcello M. Bonsangue and
Einar Broch Johnsen},
title = {Self-Reconfiguring Microservices},
booktitle = {Theory and Practice of Formal Methods - Essays Dedicated to Frank
de Boer on the Occasion of His 60th Birthday},
series = {Lecture Notes in Computer Science},
volume = {9660},
pages = {194--210},
publisher = {Springer},
year = {2016},
doi = {10.1007/978-3-319-30734-3\_14}
}
Programming distributed applications free from communication deadlocks and races is complex. Preserving these properties when applications are updated at runtime is even harder. We present DIOC, a language for programming distributed applications that are free from deadlocks and races by construction. A DIOC program describes a whole distributed application as a unique entity (choreography). DIOC allows the programmer to specify which parts of the application can be updated. At runtime, these parts may be replaced by new DIOC fragments from outside the application. DIOC programs are compiled, generating code for each site, in a lower-level language called DPOC. We formalise both DIOC and DPOC semantics as labelled transition systems and prove the correctness of the compilation as a trace equivalence result. As corollaries, DPOC applications are free from communication deadlocks and races, even in presence of runtime updates.
@inproceedings{DGGLM15a,
author = {Mila {Dalla Preda} and
Maurizio Gabbrielli and
Saverio Giallorenzo and
Ivan Lanese and
Jacopo Mauro},
editor = {Tom Holvoet and
Mirko Viroli},
title = {Dynamic Choreographies - Safe Runtime Updates of Distributed Applications},
booktitle = {Coordination Models and Languages - 17th {IFIP} {WG} 6.1 International
Conference, {COORDINATION} 2015, Held as Part of the 10th International
Federated Conference on Distributed Computing Techniques, DisCoTec
2015, Grenoble, France, June 2-4, 2015, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {9037},
pages = {67--82},
publisher = {Springer},
year = {2015},
doi = {10.1007/978-3-319-19282-6\_5}
}
We illustrate our approach to develop and verify distributed, adaptive software systems. The cornerstone of our framework is the use of choreography languages, which allow us to obtain correctness by construction. Workflow Patterns are also used as abstract tools to design real systems, while techniques based on abstract interpretation and on dynamic verification are integrated in our framework to reduce the complexity of verification.
@article{DGGLM15b,
author = {Mila {Dalla Preda} and
Maurizio Gabbrielli and
Saverio Giallorenzo and
Ivan Lanese and
Jacopo Mauro},
title = {Developing correct, distributed, adaptive software},
journal = {Sci. Comput. Program.},
volume = {97},
pages = {41--46},
year = {2015},
doi = {10.1016/J.SCICO.2013.11.019}
}
We present AIOCJ, a framework for programming distributed adaptive applications. Applications are programmed using AIOC, a choreographic language suited for expressing patterns of interaction from a global point of view. AIOC allows the programmer to specify which parts of the application can be adapted. Adaptation takes place at runtime by means of rules, which can change during the execution to tackle possibly unforeseen adaptation needs. AIOCJ relies on a solid theory that ensures applications to be deadlock-free by construction also after adaptation. We describe the architecture of AIOCJ, the design of the AIOC language, and an empirical validation of the framework.
@inproceedings{DGLMG14,
author = {Mila {Dalla Preda} and
Saverio Giallorenzo and
Ivan Lanese and
Jacopo Mauro and
Maurizio Gabbrielli},
editor = {Beno{\^{\i}}t Combemale and
David J. Pearce and
Olivier Barais and
Jurgen J. Vinju},
title = {{AIOCJ:} {A} Choreographic Framework for Safe Adaptive Distributed
Applications},
booktitle = {Software Language Engineering - 7th International Conference, {SLE}
2014, V{\"{a}}ster{\aa}s, Sweden, September 15-16, 2014. Proceedings},
series = {Lecture Notes in Computer Science},
volume = {8706},
pages = {161--170},
publisher = {Springer},
year = {2014},
doi = {10.1007/978-3-319-11245-9\_9}
}
In Service-Oriented Architectures (SOA), services are composed by coordinating their communications into a flow of interactions. Coloured Petri nets (CPN) offer a formal yet easy tool for modelling interactions in SOAs, however mapping abstract SOAs into executable ones requires a non-trivial and time-costly analysis. Here, we propose a methodology that maps CPN-modelled SOAs into Jolie SOAs (our tar- get language), exploiting a collection of recurring control-flow patterns, called Workflow Patterns, as composable blocks of the translation. We validate our approach with a realistic use case. In addition, we pragmatically asses the expressiveness of Jolie wrt the considered WPs.
@inproceedings{GGM14,
author = {Maurizio Gabbrielli and
Saverio Giallorenzo and
Fabrizio Montesi},
title = {Service-Oriented Architectures: From Design to Production Exploiting
Workflow Patterns},
booktitle = {Distributed Computing and Artificial Intelligence, 11th International
Conference, {DCAI} 2014, Salamanca, Spain, June 4-6, 2014},
pages = {131--139},
year = {2014},
publisher = {Springer},
doi = {10.1007/978-3-319-07593-8\_17}
}
Application Programming Interfaces (APIs) are a standard feature of any application that exposes its functionalities to external invokers. APIs can be composed thus obtaining new programs with new functionalities. However API composition easily becomes a frustrating and time-costly task that hinders API reuse. The issue derives from technology-dependent features of API composition such as the need of extensive documentation, protocol integration, security issues, etc.. In this paper we introduce the perspective of the API-as-a-Service (APIaaS) layer as tool to ease the development and deployment of applications based on API composition, abstracting communication protocols and message formats. We elicit the desirable features of such a layer and provide a proof-of-concept prototype implemented using a service-oriented language.
@inproceedings{GGG14,
author = {Claudio Guidi and
Saverio Giallorenzo and
Maurizio Gabbrielli},
editor = {Markus Helfert and
Fr{\'{e}}d{\'{e}}ric Desprez and
Donald Ferguson and
Frank Leymann and
V{\'{\i}}ctor M{\'{e}}ndez Mu{\~{n}}oz},
title = {Towards a Composition-based APIaaS Layer},
booktitle = {{CLOSER} 2014 - Proceedings of the 4th International Conference on
Cloud Computing and Services Science, Barcelona, Spain, April 3-5,
2014},
pages = {425--432},
publisher = {SciTePress},
year = {2014},
doi = {10.5220/0004948004250432}
}
The main contribution of this master thesis work is the description, verification, and demonstration of the realisability in the Jolie language of Control-Flow and Resources Workflow Patterns defined by the Workflow Patterns Initiative (WPI). The thesis is divided into four chapters.
The first chapter presents a general description of the programming paradigm behind the Jolie language, Service-Oriented Computing, and its main context of application, Business Process Automation (BPA). The presentation is mainly focussed on the principles of Service-Oriented Architectures (SOA) and ultimately describes the main methods concerning service composition orchestration and choreography. The last section of the chapter considers SOC in a strictly industrial perspective, highlighting its strategic features.
The second chapter focuses on the description of Jolie. This chapter is not intended as a comprehensive description of the features in the language but rather gives an overview of the theoretical concepts, data structures, operators, and constructs of Jolie, used to demonstrate the realisability of the considered Workflow Patterns.
The third chapter contains the actual realisation of the considered Workflow Patterns in Jolie. Each pattern is first reported and explained in terms of Coloured Petri Nets, realised as a Jolie program (or architecture of programs), reporting the rationale behind the realisation.
The fourth chapter summarises the results from this thesis work, showing a comparison between Jolie and other BPA languages, as reported by WPI. The chapter also contains a discussion on future work: the completion of this study with an analysis on the remaining patterns from the WPI and their impact on the evolution of the Jolie language.
@mastersthesis{G12,
title = {Workflow Patterns for Service-Oriented Computing in Jolie},
author = {Giallorenzo, Saverio},
school = {Universit{\`a} degli studi di Bologna},
month = {7},
year = {2012}
}
Short abstract: working code examples that illustrate how the deployment/behaviour division of Jolie programs makes any communicating endpoint a microservices: whether it is a web server, an architectural component or even an IoT device. Click here to see the full abstract.
One of the main tenets of the microservice approach is to loose the ties among (distributed) software components (i.e., microservices), so that they can be developed, evolved, and scaled independently. However, there is one often-overlooked element that binds indirectly together collaborating microservices: communication. This binding consists of the dependencies on the libraries and/or frameworks that support the communication protocols and data formats that are chosen in the design of the microservice architecture. Regardless of whether this choice was conscious or not, it can quickly lead to technical debt unless it is carefully managed: the programming paradigms of each library tend to leak into the core logic of the microservice, making switching to other communication stacks difficult or even infeasible. All of a sudden, the so-advertised resilience of microservices gave way to an inflexible and limiting architecture.
In this hands-on demonstration we will see, using the Jolie language, how suitable language abstractions can loose these implicit couplings. The ultimate aim is to experiment how, through the lens of Jolie, web services, traditional programs, and even IoT devices are all the same: microservices, all the way down.