The Department of Defense (DoD) is highly dependent on software. The increasing complexity and scale of this software is creating new attack surfaces for adversaries and reducing the DoD’s ability to react to new threats. Some examples of these complex software systems are as software used in airplanes, logistics, satellites, nuclear power plants and other critical infrastructure. As currently practiced the cost of software engineering is constraining the ability of the U.S. Government to deploy new software-based capabilities, as more than 70% of the federal information technology (IT) budget is dedicated to operations and management (O&M).
In particular, DoD must have software that is easily adaptable to changing mission needs and can be evolved rapidly and delivered quickly at lower costs to meet mission requirements in a timely manner. Software today is brittle with respect to changes in requirements and/or computing resources, requiring frequent and ultimately unaffordable modernization efforts to maintain adequate functionality.
We need an undated way of developing, deploying and updating software-intensive systems that will match the tempo and ever-changing mission demands of military operations. The Defense Advanced Research Projects Agency announced it would start investing in technologies that build more flexibility into the software development process and make it significantly easier to upgrade IT systems once their original specs become outdated.
The Defense Advanced Research Projects Agency (DARPA) announced in July 2019 that it’s launching a new program to identify and put into use technologies that will enable rapid software adaptation for the Defense Department’s (DoD) systems. The Intent-Defined Adaptive Software (IDAS) program looks to “capture engineering intentions,” DAPRA said, by developing methods to separate problem descriptions – or the problems that software addresses – from any instantiation of the software. DARPA is soliciting innovative research proposals in the area of automating the evaluation of software assurance evidence to enable certifiers to rapidly determine that the system risk is acceptable.
The Intent-Defined Adaptive Software (IDAS) program seeks to develop technologies that capture the intentions of software engineers to support the continual adaptation of DoD software-enabled systems. In practice, changes in requirements and resources are a common occurrence. The program seeks to develop new methods for representing the intent of software and its abstract constraints separately from its concrete instantiation by leveraging automated methods to adjust to a particular instance. Technologies developed on the IDAS program will enable rapid adaptation of software to changes in requirements and/or operating environments.
The goal is to develop technologies that capture the intentions of software engineers and enable rapid code generation that supports continual adaptation and evolution of DoD software-enabled systems. “You can’t throw them out and start from scratch,” said Karsai, Professor of Computer Engineering, Computer Science and Electrical Engineering. “You may have new requirements and new features or new hardware and network platforms, but you don’t want to mess up what you already have.”
The main idea is that changes in the requirements will result in the developer making changes in the models that will result in changes in the generated artifacts, or changes in the target system, he said. And these derived changes should take place with minimal human involvement. “We consider software development as a continuous process, where the software is undergoing sustained change, improvement and extension,” Karsai said. “Our goal is to build the tools to support this.”
Managing complexity is a central problem in software engineering. A common approach to address this challenge is concretization, in which a software engineer makes decisions based on a set of apparently or almost equivalent options to enable the resulting code to compile. Concretization makes the process of software development more controllable, allowing the engineer to define and implement an architecture, divide the development tasks into manageable parts, establish conventions to enable their integration, and integrate them into a cohesive software system.
Ideally, the engineer makes this choice by considering its impact on the system when running under a variety of likely future conditions. For example, the engineer might assume that network latency will never exceed a particular value, select a 16-bit integer to represent the horizontal velocity of a rocket, or implement data management tools using the Application Programming Interfaces (APIs) of a specific cloud service offering. Concretization makes the process of software development tractable, allowing the engineer to define and implement an architecture, split up the development tasks into manageable parts, establish conventions to enable their integration, and integrate them into a cohesive software system.
However, this process occurs at design time, when information about possible future requirements may not be available to guide the selection of concrete values or types. As a result, a substantial fraction of these choices will be wrong at some point in the system’s lifecycle due to unanticipated requirements or changes in computing resources.
Concretization also creates inefficiencies in software, as engineers tend to choose conservative values that account for worst-case scenarios or future uncertainty but waste resources when handling the far more common average cases. Software engineers make dozens of concretization decisions every day of development. In the vast majority of cases, they do not document the rationale for their choice of a particular concrete value, so the context of their decisions is lost. Even if these rationales are documented, they are likely expressed in human-readable format that is not semantically accessible to automation and can quickly become out-of-sync with the code.
Agile software development methodologies address the problem of complexity in software design by structuring development in short sprints of two to four weeks that culminate in demonstrations of developed capabilities to the end users of the system. This process can produce better concretization decisions, because the engineers and end users can spot problems earlier in the development process, when the rationale for particular choices is still readily available, but it does not prevent concretizations and the brittleness these decisions cause in software systems. In the context of some unknown future change in requirements, each sprint adds more technical debt, increasing the cost of future maintenance and adaptation.
As large software projects mature, they often become locked to specific versions of the resources on which they depend. System maintainers of these projects often struggle to keep up with changes in protocols and APIs in software system dependencies. To fix critical security weaknesses, developers maintaining large software systems often have to adapt or backport the fixes to old software, increasing their work load. Upgrading systems to take advantage of modern computational resource features often requires many of hours of effort to either completely reengineer the software, or meticulously change and test interfaces across dozens or hundreds of dependencies.
The key idea of IDAS is the separation of problem description (in terms of intentions and constraints) from any particular, concrete instantiation. This intent and constraint model must be semantically accessible to an IDAS toolchain, yet expressive enough to capture the relationships between the problem and the method by which generated software can solve and validate a solution. Through additional automation of specific implementation generation, the software sustainment effort required should be drastically reduced, freeing engineers to focus on the design of the software and adding new functionality.
Achieving the goals of IDAS will require research breakthroughs in:
- Capturing, learning, or annotating software intent and constraints separate from the concrete decisions required to create a specific instance of software
- Using captured intent to drastically reduce the human-in-the-loop effort needed to adapt software to new requirements, platforms, and resources
- Verifying that the newly-adapted software provides the functional needs of the customer/end user and that the instance does not violate any requirements
- Integrating a new intent-defined software development paradigm into existing Agile workflows to enable adoption and transition into the greater programmer community
The IDAS program will enable adaptation of software to radical changes in requirements or its computational environment with an order-of-magnitude reduction in the effort required. The key idea of IDAS is the separation of problem description (in terms of intentions and constraints) from any particular, concrete instantiation. This intent and constraint model must be semantically accessible to an IDAS toolchain, yet expressive enough to capture the relationships between the problem and the method by which generated software can solve and validate a solution.
For IDAS to transition, this capture process should be done to the greatest extent possible within the familiar process of writing software, and impose minimal additional tasks on developers who may not understand formal methods. Through additional automation of specific implementation generation, software sustainment effort should be drastically reduced, freeing engineers to focus on the design of the software and adding new functionality.
The program is divided into four technical tracks focused on developing the software generation tools and integrating them into the software development process. The first two phases of the program, scheduled to run 18 months each, will entail research, development and testing, and in the final phase teams will scale the tech across the department.
“This approach will enable software engineers to defer concretization until sufficient information is available to make sound choices,” DARPA said. “The goal of this approach is to drastically reduce the need for manual software modifications, reducing development and maintenance costs and efforts by at least an order of magnitude.”
US AFRL contracts SNC to support DARPA IDAS programme
Global aerospace and national security solutions provider Sierra Nevada Corporation (SNC) has been contracted by the US Air Force Research Laboratory (AFRL). The $8m valued contract will support SNC’s Phase I development of the US Defense Advanced Research Projects Agency’s (DARPA) Intent-Defined Adaptive Software (IDAS) programme. The IDAS programme aims to develop technologies that capture software engineering intentions. This will enable rapid and continual adaptation of the Department of Defense (DoD) software-enabled systems.
The programme is divided into four technical areas (TAs), including Automated Software Generation, Problem Set Generation, Integrated Test & Evaluation and Experimental Control & Transition. The research and initial prototype phase has a duration of 18 months. SNC will evaluate the emerging auto-code-generating capabilities. Specifically, it will lead the Experimental Control & Transition TA to develop and implement problem sets and changes, exercises, prototype toolchains and execution guidance from other TAs. SNC will develop an example project of Cloud Agility Baseline with related agile process improvements. It will be used to compare prototype workflows and software.
Contract Addresses Increasing Complexity in Software Development and Code Maintenance
-GrammaTech, a leading provider of software application security testing research and solutions, announced in dec 2020 a contract with DARPA to research the use of artificial intelligence (AI) and machine learning (ML) techniques for automating the design, testing and implementation of software applications. The contributions made by GrammaTech will be made available as part of an open source project called Mnemosyne.
“By separating problem definition from implementation, this project will help make it possible for software developers to focus on ‘what to do’, by handling the details of ‘how to do it’ using automated code synthesis and adaptation tools,” said Alexey Loginov, Vice President of Research at GrammaTech. “We believe this research will have a significant impact on software quality, reliability, security and availability by enabling a developer new to a language to skip the learning curve of the first few months, while allowing an experienced professional to program at a significantly faster pace.”
Real-Time Machine-Assisted Programming
This research project is intended to augment modern software development environments with a framework that exposes various kinds of intent specification and provides synthesis tools that act on the specifications in a collaborative process with developers. Key examples of the tools being developed include:
Code Synthesis – that automates the creation of code that implements the desired algorithm based on high-level and likely incomplete specifications.
Type Inference – that automatically deduces, either partially or fully, the type of program expressions and functions to enable automated test generation and code synthesis.
Test Generation – that creates a set of test data or test cases for verifying the adequacy of new or revised software applications. Testing accounts for nearly one third of the cost of modern system development.
Automated Repair – that automatically generates a corrective patch when a test case fails, or a warning is reported by SAST (Static Application Security Testing) or SCA (Software Composition Analysis) applications.
This material is based upon work supported by the US Air Force, AFRL/RIKE and DARPA under Contract No. FA8750-20-C-0208.
References and Resources also include: