Abstract
Large software systems, especially in the telecommunications field, are often specified as a collection of features. We present a formal specification language for describing features, and a method of automatically detecting conflicts ("undesirable interactions") amongst features at the specification stage. Conflict detection at this early stage can help prevent costly and time-consuming problem fixes during implementation. Features are specified using temporal logic; two features conflict essentially if their specifications are mutually inconsistent under axioms about the underlying system behavior. We show how this inconsistency check may be performed automatically with existing model checking tools. In addition, the model checking tools can be used to provide witness scenarios, both when two features conflict and when the features are mutually consistent. Both types of witnesses are useful for refining the specifications. We have implemented a conflict detection tool, FIX (Feature Interaction eXtractor), which uses the model checker COSPAN for the inconsistency check. We describe our experience in applying this tool to a collection of telecommunications feature specifications obtained from the Telcordia (Bellcore) standards. Using FIX, we were able to detect most known interactions and some new ones, fully automatically, in a few hours of processing time.
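
A simplified explicit-state illustration of the conflict notion described above, added here and not taken from the paper, FIX or COSPAN: each feature is a rule of the form G(trigger → X response), and two features conflict when a state reachable under the axioms triggers both but admits no successor. The line model, feature names and axioms are assumptions constructed for this example; the returned trace plays the role of the witness scenario in both the conflicting and the consistent case.

```python
from collections import deque
from itertools import product

# Constructed toy model of one subscriber line; names are illustrative, not from the paper.
VARS = ("busy", "incoming", "waiting_tone", "forwarded", "cid_shown")
STATES = [dict(zip(VARS, b)) for b in product((False, True), repeat=len(VARS))]
INIT = dict.fromkeys(VARS, False)

def axiom(s, t):
    """Assumed system axioms: a call is never both forwarded and held on call waiting,
    and tone, forwarding or caller ID only occur in the step after an incoming call."""
    if t["waiting_tone"] and t["forwarded"]:
        return False
    return s["incoming"] or not (t["waiting_tone"] or t["forwarded"] or t["cid_shown"])

# Each feature is a specification of the form G(trigger -> X response).
FEATURES = {
    "call_waiting":    (lambda s: s["busy"] and s["incoming"], lambda t: t["waiting_tone"]),
    "forward_on_busy": (lambda s: s["busy"] and s["incoming"], lambda t: t["forwarded"]),
    "caller_id":       (lambda s: s["incoming"],               lambda t: t["cid_shown"]),
}

def check(name_a, name_b):
    """Explore states reachable under the axioms and both specs. A state where both
    triggers hold and no successor is allowed is a conflict; returns (verdict, trace)."""
    specs = [FEATURES[name_a], FEATURES[name_b]]
    key = lambda s: tuple(s[v] for v in VARS)
    parent, queue, both = {key(INIT): None}, deque([INIT]), None
    def trace(s):
        path = []
        while s is not None:
            path.append(s)
            s = parent[key(s)]
        return path[::-1]
    while queue:
        s = queue.popleft()
        succ = [t for t in STATES if axiom(s, t)
                and all(resp(t) for trig, resp in specs if trig(s))]
        if all(trig(s) for trig, _ in specs):
            if not succ:
                return "conflict", trace(s)
            both = both or (s, succ[0])
        for t in succ:
            if key(t) not in parent:
                parent[key(t)] = s
                queue.append(t)
    if both is None:
        return "consistent", []
    return "consistent", trace(both[0]) + [both[1]]
```
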