Efficient family-based model checking via variability abstractions

Many software systems are variational: they can be configured to meet diverse sets of requirements. They can produce a (potentially huge) number of related systems, known as products or variants, by systematically reusing common parts. For variational models (variational systems or families of related systems), specialized family-based model checking algorithms allow efficient verification of multiple variants, simultaneously, in a single run. These algorithms, implemented in a tool $$\overline{\text{SNIP}}$$, scale much better than the “brute force” approach, where all individual systems are verified using a single-system model checker, one by one. Nevertheless, their computational cost still greatly depends on the number of features and variants. For variational models with a large number of features and variants, family-based model checking may be too costly or even infeasible. In this work, we address two key problems of family-based model checking. First, we improve scalability by introducing abstractions that simplify variability. Second, we reduce the burden of maintaining specialized family-based model checkers by showing how the presented variability abstractions can be used to model check variational models using the standard version of (single-system) SPIN. The variability abstractions are first defined as Galois connections on semantic domains. We then show how to use them for defining abstract family-based model checking, where a variability model is replaced with an abstract version of it, which preserves the satisfaction of LTL properties. Moreover, given an abstraction, we define a syntactic source-to-source transformation on high-level modeling languages that describe variational models, such that the model checking of the transformed high-level variational model coincides with the abstract model checking of the concrete high-level variational model. This allows the use of SPIN with all its accumulated optimizations for efficient verification of variational models without any knowledge about variability. We have implemented the transformations in a prototype tool, and we illustrate the practicality of this method in several case studies.
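The idea of replacing a variational model by an abstract, feature-free one, shown as an added illustration that is not the paper's tool or code: a constructed featured transition system for a small drink machine, an abstraction that merges a set of configurations into one plain transition system, a safety check on the result, and a refinement that splits the family on one feature. The feature names, states, the `join`/`split_on` helpers and the property are assumptions made for this example.

```python
from itertools import product

# Constructed example family (assumed for illustration, not the paper's case study).
FEATURES = ("Free", "Soda", "Tea")

# Featured transition system: (src, action, dst, guard).  The guard is the
# transition's feature expression, encoded as a predicate on a configuration.
FTS = [
    ("idle",   "pay",    "paid",   lambda c: not c["Free"]),
    ("idle",   "free",   "freed",  lambda c: c["Free"]),
    ("paid",   "soda",   "served", lambda c: c["Soda"]),
    ("paid",   "tea",    "served", lambda c: c["Tea"]),
    ("freed",  "soda",   "served", lambda c: c["Soda"]),
    ("freed",  "refund", "error",  lambda c: not c["Free"]),
    ("served", "take",   "idle",   lambda c: True),
]

def all_configs():
    """Every configuration (no feature-model constraints in this toy family)."""
    return [dict(zip(FEATURES, bits))
            for bits in product([False, True], repeat=len(FEATURES))]

def join(fts, configs):
    """Variability abstraction over a set of configurations: keep a transition if
    ANY configuration in the set enables it.  Every trace of every variant in the
    set is a trace of the result, so an LTL property true of it holds for each variant."""
    return {(s, a, d) for s, a, d, g in fts if any(g(c) for c in configs)}

def reachable(ts, init="idle"):
    """Plain reachability on the abstract (feature-free) transition system."""
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for src, _, dst in ts:
            if src == s and dst not in seen:
                seen.add(dst); todo.append(dst)
    return seen

def safe(ts, bad="error"):
    """The safety property under test: the 'error' state is never reached."""
    return bad not in reachable(ts)

def split_on(configs, feature):
    """Refinement: abstract the two halves of the family separately (still sound)."""
    return ([c for c in configs if c[feature]], [c for c in configs if not c[feature]])

def brute_force(fts, configs):
    """Baseline the abstraction is compared against: one variant at a time
    (join over a single configuration is just the projection onto that variant)."""
    return {tuple(c[f] for f in FEATURES): safe(join(fts, [c])) for c in configs}
```

Joining all eight configurations makes `error` reachable through `free` followed by `refund`, a spurious alarm because those two transitions need contradictory features; splitting on `Free` yields two abstract systems that both satisfy the property, which the per-variant baseline confirms.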
