cardygan: tool support for cardinality-based feature models · 2015. 7. 16. · roland kluge, andy...
TRANSCRIPT
-
© author(s) of these slides 2016 including research results of the research network ES and TU Darmstadt otherwise as specified at the respective slide
Thomas [email protected]
29.01.2016
ES Real-Time Systems Lab
Prof. Dr. rer. nat. Andy Schürr
Dept. of Electrical Engineering and Information Technology
Dept. of Computer Science (adjunct Professor)
www.es.tu-darmstadt.de
CardyGAn: Tool Support for
Cardinality-based Feature ModelsThomas Schnabel, Markus Weckesser, Malte Lochau,
Roland Kluge, Andy Schürr
VaMoS 2016,Salvador da Bahia, Brasil
mailto:[email protected]
-
ES – Real-Time Systems Lab2 | 29.01.2016 | Thomas Schnabel
Example: Variability Modeling of Systems with
multiply duplicated Subsystems
Platoon
Leader Follower1 Follower2
High Throughput Channel
Reliable Channel
Legend
Autonomous Vehicle
90mph
[1] T. Tank, N. Yee,, J. M. G. Linnartz. Vehicle-to-Vehicle Communication for AVCS platooning. (1994)
-
ES – Real-Time Systems Lab3 | 29.01.2016 | Thomas Schnabel
Example: Variability Modeling of Systems with
multiply duplicated Subsystems
Platoon
Leader Follower1 Follower2
High Throughput Channel
Reliable Channel
Legend
Autonomous Vehicle
Joining VehicleTriggers adaptation of overall system behavior
50mph
Follower3
[1] T. Tank, N. Yee,, J. M. G. Linnartz. Vehicle-to-Vehicle Communication for AVCS platooning. (1994)
-
ES – Real-Time Systems Lab4 | 29.01.2016 | Thomas Schnabel
Running Example:
Cardinality-based Feature Model (CFM)
SlowMoving
Follower
Platoon
Channels Movement Member
[3,3]
[2,2] [1,1] [1,1]
«require»
«require» «exclude»«exclude»
LeaderReliableHigh
ThroughputFast
Moving
[2] M. Riebisch, K. B•ollert, D. Streitferdt, and I. Philippow. Extending Feature Diagrams with UML Multiplicities (2002)
-
ES – Real-Time Systems Lab5 | 29.01.2016 | Thomas Schnabel
CFM Syntax: Features
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Feature Instance CardinalityNumber of instances in
each sub-tree
-
ES – Real-Time Systems Lab6 | 29.01.2016 | Thomas Schnabel
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
CFM-Syntax: Groups
Local InterpretationIntervals restrict cardinalities
for every individual clone in separate sub-tree
Group Type CardinalityNumber of child features
with active instances
Group Instance CardinalityNumber of feature instances of
types selected from a group
-
ES – Real-Time Systems Lab7 | 29.01.2016 | Thomas Schnabel
CFM Syntax: Exclude Constraints
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Bidirectional Edge
-
ES – Real-Time Systems Lab8 | 29.01.2016 | Thomas Schnabel
CFM Syntax: Exclude Constraints
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Source Feature Cardinality
Target Feature Cardinality
-
ES – Real-Time Systems Lab9 | 29.01.2016 | Thomas Schnabel
CFM Syntax: Require Constraints
SlowMoving
Channels Movement
[2,2] [1,1]
«require»«exclude»
ReliableHigh
ThroughputFast
Moving
Directed Edge
-
ES – Real-Time Systems Lab10 | 29.01.2016 | Thomas Schnabel
CFM Syntax: Require Constraints
SlowMoving
Channels Movement
[2,2] [1,1]
«require»«exclude»
ReliableHigh
ThroughputFast
Moving
Target Feature Cardinality
Source Feature Cardinality
-
ES – Real-Time Systems Lab11 | 29.01.2016 | Thomas Schnabel
CFM Syntax: Require Constraints
SlowMoving
Channels Movement
[2,2] [1,1]
«require»«exclude»
ReliableHigh
ThroughputFast
Moving
Global InterpretationIntervals restrict number of
source/target feature instances for an entire configuration
[3] M. Weckesser, M. Lochau, T. Schnabel, B. Richerzhagen, A. Schürr. Mind the Gap! Automated Anomaly Detection for Potentially Unbounded Cardinality-based Feature Models (2016)
-
ES – Real-Time Systems Lab12 | 29.01.2016 | Thomas Schnabel
CardyGAn Components
Bound Analyzer Gap Analyzer
Textual Specification
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab13 | 29.01.2016 | Thomas Schnabel
CFM: Textual Syntax
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab14 | 29.01.2016 | Thomas Schnabel
CFM: Textual Syntax
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
-
ES – Real-Time Systems Lab15 | 29.01.2016 | Thomas Schnabel
CFM: Textual Syntax
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
-
ES – Real-Time Systems Lab16 | 29.01.2016 | Thomas Schnabel
Anomaly Detection: Bound Analysis
Bound Analyzer Gap Analyzer
Textual Specification
CardFM Generator
Configuration Generator
[4] C. Quinton, D. Romero, L. Duchien. Cardinality-based Feature Models with Constraints: A Pragmatic Approach (2014)
-
ES – Real-Time Systems Lab17 | 29.01.2016 | Thomas Schnabel
Bound Analysis:
Background
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Unbounded Group InstanceCardinality
-
ES – Real-Time Systems Lab18 | 29.01.2016 | Thomas Schnabel
Bound Analysis:
Background
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Unbounded Group InstanceCardinality
Group Instance Cardinality =
∑Instance Cardinality Child Features
1
*
-
ES – Real-Time Systems Lab19 | 29.01.2016 | Thomas Schnabel
Bound Analysis:
Background
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Unbounded Group InstanceCardinality
Lower Bound = 1+1
1 2
*
Dead Cardinality
-
ES – Real-Time Systems Lab20 | 29.01.2016 | Thomas Schnabel
Bound Analysis:
Background
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Unbounded Group InstanceCardinality
Upper Bound = 32+8
1 2 40
*
Dead Cardinalities
-
ES – Real-Time Systems Lab21 | 29.01.2016 | Thomas Schnabel
Bound Analysis:
Background
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
1 2 40
*
False unbounded interval
-
ES – Real-Time Systems Lab22 | 29.01.2016 | Thomas Schnabel
Bound Analysis:
CardyGAn Workflow
TextualSpecification
ILPEncoding
ILPSolver
UserInterface
Translation
Result
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab23 | 29.01.2016 | Thomas Schnabel
Bound Analysis:
CardyGAn UI
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab24 | 29.01.2016 | Thomas Schnabel
Anomaly Detection: Gap Analysis
Bound Analyzer Gap Analyzer
Textual Specification
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab25 | 29.01.2016 | Thomas Schnabel
Gap Analysis:
Background
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
1 2 40
*
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab26 | 29.01.2016 | Thomas Schnabel
Gap Analysis:
Background
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Mandatory
1 2 40
*
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab27 | 29.01.2016 | Thomas Schnabel
Gap Analysis:
Background
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
{,}
1 2 40
*
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab28 | 29.01.2016 | Thomas Schnabel
Gap Analysis:
Background
1 2 40
*17 22
Channels
[2,2]
«exclude»
ReliableHigh
Throughput
Group Instance Cardinality =
∑Instance Cardinality Child Features
Interval GapValues between 18 and 21
never feasible in any configuration
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab29 | 29.01.2016 | Thomas Schnabel
SMTEncoding
Gap Analysis:
CardyGAn Workflow
SMTSolver
TextualSpecification +
ILP Result
UserInterface
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
TextualSpecification
ILPEncoding
ILPSolver
-
ES – Real-Time Systems Lab30 | 29.01.2016 | Thomas Schnabel
SMTEncoding
Gap Analysis:
CardyGAn Workflow
SMTSolver
TextualSpecification +
ILP Result
UserInterface
Translation
Result
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
TextualSpecification
ILPEncoding
ILPSolver
-
ES – Real-Time Systems Lab31 | 29.01.2016 | Thomas Schnabel
Gap Analysis:
CardyGAn UI
Bound Aanalyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab32 | 29.01.2016 | Thomas Schnabel
CFM to Configuration
SlowMoving
Follower
Platoon
Channels Movement Member
[3,3]
[2,2] [1,1] [1,1]
«require»
«require» «exclude»«exclude»
LeaderReliableHigh
ThroughputFast
Moving
-
ES – Real-Time Systems Lab33 | 29.01.2016 | Thomas Schnabel
CFM to Configuration
Platoon
Channels Movement Member1
Fast Moving Leader Follower1
Member2
Reliable2
Reliable1High
Throughput2
High Throughput1
Follower2
Member2
-
ES – Real-Time Systems Lab34 | 29.01.2016 | Thomas Schnabel
CFM to Configuration
Platoon
Channels Movement Member1
Fast Moving Leader Follower1
Member2
Reliable2
Reliable1High
Throughput2
High Throughput1
Follower2
Member2
Multiple Instances
-
ES – Real-Time Systems Lab35 | 29.01.2016 | Thomas Schnabel
CFM to Configuration
Platoon
Channels Movement Member1
Fast Moving Leader Follower1
Member2
Reliable2
Reliable1High
Throughput2
High Throughput1
Follower2
Member2
Cloned Sub-Trees
-
ES – Real-Time Systems Lab36 | 29.01.2016 | Thomas Schnabel
Configuration: Textual Syntax
Channels
Reliable2
Reliable1High
Throughput2
High Throughput1
-
ES – Real-Time Systems Lab37 | 29.01.2016 | Thomas Schnabel
Configuration Validation
Bound Analyzer Gap Analyzer
Textual Specification
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab38 | 29.01.2016 | Thomas Schnabel
Configuration Validation:
CardyGAn Workflow (1)
Textual SpecificationCFM+Config
AlloyModel
AlloyAnalyzer
UserInterface
Translation
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab39 | 29.01.2016 | Thomas Schnabel
Alloy Specification (1)
abstract sig Feature {
groupCardinality: set Interval,
groupInstanceCardinality: set Interval,
cardinality: some Interval,
parent: lone Feature,
instances: set Instance
}
Alloy Meta ModelSpecifies general
structure of CFM with instances
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab40 | 29.01.2016 | Thomas Schnabel
Alloy Specification (1)
abstract sig Feature {
groupCardinality: set Interval,
groupInstanceCardinality: set Interval,
cardinality: some Interval,
parent: lone Feature,
instances: set Instance
}
Alloy Meta ModelSpecifies general
structure of CFM with instances
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Specified for all parts of theFeature Model
-
ES – Real-Time Systems Lab41 | 29.01.2016 | Thomas Schnabel
Alloy Specification (1)
abstract sig Feature {
groupCardinality: set Interval,
groupInstanceCardinality: set Interval,
cardinality: some Interval,
parent: lone Feature,
instances: set Instance
}
Alloy Meta ModelSpecifies general
structure of CFM with instances
fact groupCardinalityConstraint {
all i: Instance |
some (i.feature.~parent & FM.group)
implies
IsPossibleGroupCardinality[i.feature,
#(i.~instanceParent.feature & FM.group)]
}
Alloy FactsSpecify general
behavior of configurations
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Specified for all parts of theFeature Model
-
ES – Real-Time Systems Lab42 | 29.01.2016 | Thomas Schnabel
Alloy Specification (1)
abstract sig Feature {
groupCardinality: set Interval,
groupInstanceCardinality: set Interval,
cardinality: some Interval,
parent: lone Feature,
instances: set Instance
}
Alloy Meta ModelSpecifies general
structure of CFM with instances
fact groupCardinalityConstraint {
all i: Instance |
some (i.feature.~parent & FM.group)
implies
IsPossibleGroupCardinality[i.feature,
#(i.~instanceParent.feature & FM.group)]
}
Alloy FactsSpecify general
behavior of configurations
Multiple facts to specifyall formal constraints
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
Specified for all parts of theFeature Model
-
ES – Real-Time Systems Lab43 | 29.01.2016 | Thomas Schnabel
Alloy Specification (2)
one sig Platoon, Channels extends Feature{}
one sig instPlatoon, instChannels extends Instance{}
fact {
Channels.parent = Platoon
i1x1.lowerBound = 1
i1x1.upperBound = 1
Channels.cardinality = i1x1
i1xx1.lowerBound = 1
i1xx1.upperBound = KleeneStar
Channels.groupInstanceCardinality = i1xx1
i1x2.lowerBound = 1
i1x2.upperBound = 2
Channels.groupCardinality = i1x2
instChannels.feature = Channels
instChannels.instanceParent = instPlatoon
…
}
Alloy FactTranslate user specified
CFM and CONFIGURATION into
additional signatures and facts to restrict Alloy
validator to its concrete generation
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab44 | 29.01.2016 | Thomas Schnabel
Alloy Specification (2)
one sig Platoon, Channels extends Feature{}
one sig instPlatoon, instChannels extends Instance{}
fact {
Channels.parent = Platoon
i1x1.lowerBound = 1
i1x1.upperBound = 1
Channels.cardinality = i1x1
i1xx1.lowerBound = 1
i1xx1.upperBound = KleeneStar
Channels.groupInstanceCardinality = i1xx1
i1x2.lowerBound = 1
i1x2.upperBound = 2
Channels.groupCardinality = i1x2
instChannels.feature = Channels
instChannels.instanceParent = instPlatoon
…
}
Alloy FactTranslate user specified
CFM and CONFIGURATION into
additional signatures and facts to restrict Alloy
validator to its concrete generation
Supports validation of fulland partial configurations
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab45 | 29.01.2016 | Thomas Schnabel
Configuration Validation:
CardyGAn Workflow (2)
Textual SpecificationCFM+Config
AlloyModel
AlloyAnalyzer
UserInterface
Result
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab46 | 29.01.2016 | Thomas Schnabel
Configuration Validation:
CardyGAn UI
Bound Analyzer
Textual Specification
Gap Analyzer
CardFM Generator
Configuration Generator
-
ES – Real-Time Systems Lab47 | 29.01.2016 | Thomas Schnabel
Conclusion
• Complex structure of CFMs introduces new kinds of subtle anomalies
• Tool support necessary to automatically detect design flaws and to
guide configuration processes
• CardyGAn delivers comprehensive assistance
Publically available as Eclipse Plugin via update site:
https://raw.githubusercontent.com/
Echtzeitsysteme/cardygan/master/updatesite/
https://raw.githubusercontent.com/Echtzeitsysteme/cardygan/master/updatesite/https://raw.githubusercontent.com/Echtzeitsysteme/cardygan/master/updatesite/
-
ES – Real-Time Systems Lab48 | 29.01.2016 | Thomas Schnabel
Future Work
• “Real world” user studies planned
• Heuristics to optimize gap analysis
• Optimize Alloy-Encoding
• Concept for mapping from problem- to solution-space
-
ES – Real-Time Systems Lab49 | 29.01.2016 | Thomas Schnabel
Related Work
[1] T. Tank, N. Yee,, J. M. G. Linnartz. Vehicle-to-Vehicle
Communication for AVCS platooning (1994)
[2] M. Riebisch, K. Böllert, D. Streitferdt, I. Philippow. Extending Feature
Diagrams with UML Multiplicities (2002)
[3] M. Weckesser, M. Lochau, T. Schnabel, B. Richerzhagen, A. Schürr.
Mind the Gap! Automated Anomaly Detection for Potentially
Unbounded Cardinality-based Feature Models (2016)
[4] C. Quinton, D. Romero, L. Duchien. Cardinality-based Feature
Models with Constraints: A Pragmatic Approach (2014)
-
ES – Real-Time Systems Lab50 | 29.01.2016 | Thomas Schnabel
Thank you for your attention!
Questions?
mailto:[email protected]