Ina Schaefer

SE
13 papers, 407 citations
Novelty 33%, AI Score 25

13 Papers

SE | Jun 28, 2024
MulTi-Wise Sampling: Trading Uniform T-Wise Feature Interaction Coverage for Smaller Samples

Tobias Pett, Sebastian Krieter, Thomas Thüm et al.

Ensuring the functional safety of highly configurable systems often requires testing representative subsets of all possible configurations to reduce testing effort and save resources. The ratio of covered t-wise feature interactions (i.e., t-wise feature interaction coverage) is a common criterion for determining whether a subset of configurations is representative and capable of finding faults. Existing t-wise sampling algorithms uniformly cover t-wise feature interactions for all features, resulting in lengthy execution times and large sample sizes, particularly when large t-wise feature interactions are considered (i.e., high values of t). In this paper, we introduce MulTi-Wise Sampling, a novel approach to t-wise feature interaction sampling that questions the necessity of uniform coverage across all t-wise feature interactions. Our approach distinguishes between subsets of critical and non-critical features and considers higher t-values for the subsets of critical features when generating a t-wise feature interaction sample. We evaluate our approach using subject systems from real-world applications, including BusyBox, Soletta, Fiasco, and uClibc. Our results show that sacrificing uniform t-wise feature interaction coverage between all features reduces both the time needed to generate a sample and the resulting sample size. Hence, MulTi-Wise Sampling offers an alternative to existing approaches if knowledge about feature criticality is available.
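The abstract describes the criterion (t-wise interaction coverage) and the trade-off (higher t only for critical features) in words. The following Python block is an added illustration, not the paper's tool: it enumerates t-wise interactions, measures coverage of a sample, and runs a plain greedy sampler against a uniform 3-wise requirement and against a mixed requirement (2-wise over all features plus 3-wise over the critical subset). The feature names, the single cross-tree constraint (auth requires tls) and the greedy heuristic are constructed for this example and are not from the paper.

```python
"""Mixed-strength t-wise coverage: added example, not the MulTi-Wise implementation.

Feature model, constraint and sampler below are constructed for illustration.
"""
from itertools import combinations, product

# Constructed toy feature model: six Boolean features, three of them "critical".
FEATURES = ["tls", "auth", "log", "cache", "gzip", "ipv6"]
CRITICAL = ["tls", "auth", "log"]


def valid(cfg):
    """Constructed cross-tree constraint: auth requires tls."""
    return cfg["tls"] or not cfg["auth"]


def interactions(features, t):
    """All t-wise interactions over `features`: each is a frozenset of
    (feature, value) pairs that fixes t distinct features."""
    return {
        frozenset(zip(fs, vals))
        for fs in combinations(features, t)
        for vals in product([False, True], repeat=t)
    }


def covered_by(cfg, inters):
    """The subset of `inters` realized by configuration `cfg`."""
    return {i for i in inters if all(cfg[f] == v for f, v in i)}


def all_valid_configs(features, valid):
    """Brute-force enumeration of valid configurations (fine for six features)."""
    configs = (dict(zip(features, bits)) for bits in product([False, True], repeat=len(features)))
    return [c for c in configs if valid(c)]


def realizable(inters, configs):
    """Interactions that at least one valid configuration covers; the rest are
    infeasible under the constraints and must not count against coverage."""
    return {i for i in inters if any(covered_by(c, {i}) for c in configs)}


def coverage(sample, required):
    """Fraction of `required` interactions covered by `sample`."""
    covered = set()
    for cfg in sample:
        covered |= covered_by(cfg, required)
    return len(covered) / len(required)


def greedy_sample(configs, required):
    """Greedy sampler: repeatedly add the valid configuration that covers the
    most still-uncovered interactions. `required` must be realizable."""
    uncovered = set(required)
    sample = []
    while uncovered:
        best = max(configs, key=lambda c: len(covered_by(c, uncovered)))
        gain = covered_by(best, uncovered)
        if not gain:
            raise ValueError("unrealizable interaction in requirement")
        sample.append(best)
        uncovered -= gain
    return sample


def multiwise_requirement(features, critical, t_low, t_high):
    """Uniform t_low-wise coverage over all features plus t_high-wise coverage
    among the critical features only (the trade-off described above)."""
    return interactions(features, t_low) | interactions(critical, t_high)


def compare():
    """Sample sizes for uniform 3-wise vs. 2-wise plus critical 3-wise."""
    configs = all_valid_configs(FEATURES, valid)
    uniform3 = realizable(interactions(FEATURES, 3), configs)
    mixed = realizable(multiwise_requirement(FEATURES, CRITICAL, 2, 3), configs)
    return {
        "uniform_3wise": len(greedy_sample(configs, uniform3)),
        "2wise_plus_critical_3wise": len(greedy_sample(configs, mixed)),
    }


if __name__ == "__main__":
    print(compare())
```

The mixed requirement has far fewer interactions than uniform 3-wise (68 versus 160 before removing infeasible ones), which is where the smaller samples and shorter generation times come from; the price is that interactions among three non-critical features are no longer guaranteed to be exercised.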

SE | Aug 22, 2021
Custom-Tailored Clone Detection for IEC 61131-3 Programming Languages

Kamil Rosiak, Alexander Schlie, Lukas Linsbauer et al.

Automated production systems (aPS) are highly customized systems that consist of hardware and software. Such aPS are controlled by a programmable logic controller (PLC), often in accordance with the IEC 61131-3 standard, which divides system implementation into so-called program organization units (POUs) as the smallest software unit and comprises multiple textual and graphical programming languages that can be arbitrarily nested. A common practice during the development of such systems is reusing implementation artifacts by copying, pasting, and then modifying code. This approach is referred to as code cloning. It is used at a fine-granular level, where a POU is cloned within a system variant. It is also applied at the coarse-granular system level, where the entire system is cloned and adapted to create a system variant, for example for another customer. This ad hoc practice for the development of variants is commonly referred to as clone-and-own. It allows the fast development of variants to meet varying customer requirements or altered regulatory guidelines. However, clone-and-own is a non-sustainable approach and does not scale with an increasing number of variants. It has a detrimental effect on the overall quality of a software system, such as the propagation of bugs to other variants, which harms maintenance. In order to support the effective development and maintenance of such systems, a detailed code clone analysis is required. On the one hand, an analysis of code clones within a variant (i.e., clone detection in the classical sense) supports experts in refactoring the respective code into library components. On the other hand, an analysis of commonalities and differences between cloned variants (i.e., variability analysis) supports maintenance and further reuse and facilitates the migration of variants into a software product line (SPL).

PL | Nov 27, 2018
Experience Report on Formally Verifying Parts of OpenJDK's API with KeY

Alexander Knüppel, Thomas Thüm, Carsten Pardylla et al.

Deductive verification of software has not yet found its way into industry, as complexity and scalability issues require highly specialized experts. The long-term perspective is, however, to develop verification tools that help industrial software developers find bugs or bottlenecks in software systems faster and more easily. The KeY project constitutes a framework for specifying and verifying software systems, aiming at making formal verification tools applicable for mainstream software development. To help the developers of KeY, its users, and the deductive verification community, we summarize our experiences with KeY 2.6.1 in specifying and verifying real-world Java code from a user's perspective. To this end, we concentrate on parts of the Collections API of OpenJDK 6, where an informal specification exists. While we describe how we bridged informal and formal specification, we also exhibit the accompanying challenges that we encountered. Our experiences are that (a) in principle, deductive verification for API-like code bases is feasible, but requires high expertise, (b) developing formal specifications for existing code bases is still notoriously hard, and (c) the under-specification of certain language constructs in Java is challenging for tool builders. Our initial effort in specifying parts of OpenJDK 6 constitutes a stepping stone towards a case study for future research.

SE | Jun 1, 2016
Using Multi-Viewpoint Contracts for Negotiation of Embedded Software Updates

Sönke Holthusen, Sophie Quinton, Ina Schaefer et al.

In this paper we address the issue of change after deployment in safety-critical embedded system applications. Our goal is to substitute lab-based verification with in-field formal analysis to determine whether an update may be safely applied. This is challenging because it requires an automated process able to handle multiple viewpoints such as functional correctness, timing, etc. For this purpose, we propose an original methodology for contract-based negotiation of software updates. The use of contracts allows us to cleanly split the verification effort between the lab and the field. In addition, we show how to rely on existing viewpoint-specific methods for update negotiation. We illustrate our approach on a concrete example inspired by the automotive domain.

SE | Apr 1, 2016
Incremental Consistency Checking in Delta-oriented UML-Models for Automation Systems

Matthias Kowal, Ina Schaefer

Automation systems exist in many variants and may evolve over time in order to deal with different environment contexts or to fulfill changing customer requirements. This induces increased complexity during design time as well as tedious maintenance efforts. We already proposed a multi-perspective modeling approach to improve the development of such systems. It operates on different levels of abstraction by using well-known UML models: activity, composite structure and state chart models. Each perspective was enriched with delta modeling to manage variability and evolution. As an extension, we now focus on the development of an efficient consistency checking method at several levels to ensure valid variants of the automation system. Consistency checking must be provided for each perspective in isolation, between the perspectives, and after the application of a delta.

SE | Apr 14, 2015
Detecting and Explaining Conflicts in Attributed Feature Models

Uwe Lesta, Ina Schaefer, Tim Winkelmann

Product configuration systems are often based on a variability model. The development of a variability model is a time-consuming and error-prone process. Considering the ongoing development of products, the variability model has to be adapted frequently. These changes often lead to mistakes, such that some products cannot be derived from the model anymore, that undesired products become derivable, or that there are contradictions in the variability model. In this paper, we propose an approach to discover and explain contradictions in attributed feature models efficiently in order to assist the developer with the correction of mistakes. We use extended feature models with attributes and arithmetic constraints, translate them into a constraint satisfaction problem and search it for contradictions. When a contradiction is found, the constraints are searched for a set of contradicting relations by the QuickXplain algorithm.
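The abstract names the two ingredients (a constraint satisfaction encoding and QuickXplain to extract a set of contradicting constraints) without showing them. The following Python block is an added example, not the paper's tooling: it encodes a constructed attributed feature model (three Boolean features, one integer attribute `mem` with arithmetic constraints) as predicates over configurations, checks consistency by brute-force enumeration, and runs Junker's QuickXplain to return a minimal conflict set, i.e. the explanation shown to the developer. All feature names, constraint names and the preference order are assumptions for this example.

```python
"""QuickXplain over a constructed attributed feature model: added example,
not the paper's implementation. Features, attribute, constraints and the
enumeration-based consistency check are all constructed here."""
from itertools import product

FEATURES = ["root", "ssl", "compress"]  # Boolean features (constructed)
MEM_DOMAIN = range(0, 9)                 # attribute "mem" in MB; tiny domain so enumeration suffices


def consistent(constraints):
    """CSP check by enumeration: does any configuration satisfy every constraint?
    `constraints` is a list of (name, predicate) pairs."""
    for bits in product([False, True], repeat=len(FEATURES)):
        for mem in MEM_DOMAIN:
            cfg = dict(zip(FEATURES, bits), mem=mem)
            if all(pred(cfg) for _, pred in constraints):
                return True
    return False


def quickxplain(background, constraints):
    """Junker's QuickXplain: the names of a minimal subset of `constraints` that
    is inconsistent together with `background` (assumed consistent), or [] if
    everything is consistent. `constraints` is ordered by preference, most
    preferred first, so the explanation favours blaming less preferred ones."""
    if not constraints or consistent(background + constraints):
        return []

    def qx(bg, delta, cs):
        # Constraints `delta` were just added to `bg`; if `bg` alone is already
        # inconsistent, nothing from `cs` is needed for the conflict.
        if delta and not consistent(bg):
            return []
        if len(cs) == 1:
            return list(cs)
        k = len(cs) // 2
        c1, c2 = cs[:k], cs[k:]
        d2 = qx(bg + c1, c1, c2)   # conflict part inside c2, given c1
        d1 = qx(bg + d2, d2, c1)   # conflict part inside c1, given that part of c2
        return d1 + d2

    return [name for name, _ in qx(background, [], constraints)]


def is_minimal_conflict(background, constraints, names):
    """Validate an explanation: inconsistent as a whole, consistent once any
    single member is dropped."""
    chosen = [c for c in constraints if c[0] in names]
    if consistent(background + chosen):
        return False
    return all(consistent(background + [c for c in chosen if c is not drop]) for drop in chosen)


# Constructed model. The root is mandatory; ssl and compress are both mandatory
# children, but ssl needs at least 4 MB while compress caps memory at 3 MB.
BACKGROUND = [("root_mandatory", lambda c: c["root"])]
CONSTRAINTS = [  # most preferred first
    ("ssl_mandatory",      lambda c: not c["root"] or c["ssl"]),
    ("compress_mandatory", lambda c: not c["root"] or c["compress"]),
    ("ssl_needs_mem",      lambda c: not c["ssl"] or c["mem"] >= 4),
    ("compress_mem_cap",   lambda c: not c["compress"] or c["mem"] <= 3),
    ("mem_range",          lambda c: 0 <= c["mem"] <= 8),
]

if __name__ == "__main__":
    conflict = quickxplain(BACKGROUND, CONSTRAINTS)
    print("contradicting constraints:", conflict)
    print("minimal:", is_minimal_conflict(BACKGROUND, CONSTRAINTS, conflict))
```

The harmless `mem_range` constraint is left out of the explanation, which is the point of using QuickXplain rather than reporting the whole unsatisfiable model; for real models the enumeration in `consistent` would be replaced by a CSP or SMT solver call, and the algorithm itself stays unchanged.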

SE | Sep 8, 2014
Delta Modeling for Software Architectures

Arne Haber, Holger Rendel, Bernhard Rumpe et al.

Architectural modeling is an integral part of modern software development. In particular, diverse systems benefit from precise architectural models since similar components can often be reused between different system variants. However, during all phases of diverse system development, system variability has to be considered and modeled by appropriate means. Delta modeling is a language-independent approach for modeling system variability. A set of diverse systems is represented by a core system and a set of deltas specifying modifications to the core system. In this paper, we give a first sketch of how to apply delta modeling in MontiArc, an existing architecture description language, in order to obtain an integrated modeling language for architectural variability. The developed language, Δ-MontiArc, allows the modular modeling of variable software architectures and supports proactive as well as extractive product line development.

SE | Sep 8, 2014
Hierarchical Variability Modeling for Software Architectures

Arne Haber, Holger Rendel, Bernhard Rumpe et al.

Hierarchically decomposed component-based system development reduces design complexity by supporting distribution of work and component reuse. For product line development, the variability of the components to be deployed in different products has to be represented by appropriate means. In this paper, we propose hierarchical variability modeling which allows specifying component variability integrated with the component hierarchy and locally to the components. Components can contain variation points determining where components may vary. Associated variants define how this variability can be realized in different component configurations. We present a meta model for hierarchical variability modeling to formalize the conceptual ideas. In order to obtain an implementation of the proposed approach together with tool support, we extend the existing architectural description language MontiArc with hierarchical variability modeling. We illustrate the presented approach using an example from the automotive systems domain.

SE | Sep 8, 2014
Delta-oriented Architectural Variability Using MontiCore

Arne Haber, Thomas Kutz, Holger Rendel et al.

Modeling of software architectures is a fundamental part of software development processes. Reuse of software components and early analysis of software topologies allow the reduction of development costs and increase software quality. Integrating variability modeling concepts into architecture description languages (ADLs) is essential for the development of diverse software systems with high demands on software quality. In this paper, we present the integration of delta modeling into the existing ADL MontiArc. Delta modeling is a language-independent variability modeling approach supporting proactive, reactive and extractive product line development. We show how Δ-MontiArc, a language for explicit modeling of architectural variability based on delta modeling, is implemented as a domain-specific language (DSL) using the DSL development framework MontiCore. We also demonstrate how MontiCore's language reuse mechanisms provide efficient means to derive a Δ-MontiArc tool implementation. We evaluate Δ-MontiArc by comparing it with annotative variability modeling.

SE | Sep 8, 2014
Towards a Family-based Analysis of Applicability Conditions in Architectural Delta Models

Arne Haber, Thomas Kutz, Holger Rendel et al.

Modeling variability in software architectures is a fundamental part of software product line development. Δ-MontiArc allows describing architectural variability in a modular way by a designated core architecture and a set of architectural delta models modifying the core architecture to realize other architecture variants. Delta models have to satisfy a set of applicability conditions for the architectural variants to be well defined. The applicability conditions can in principle be checked by generating all possible architecture variants, which requires considering the same intermediate architectures repeatedly. In order to reuse previously computed architecture variants, we propose a family-based analysis of the applicability conditions using the concept of inverse deltas.
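Both this abstract and "Delta Modeling for Software Architectures" above describe the same mechanics: a core architecture, deltas that add or remove components and connectors, applicability conditions that must hold for each delta, and (here) inverse deltas that let an analysis step back to a shared intermediate architecture instead of regenerating every variant from the core. The Python block below is an added illustration of those mechanics, not Δ-MontiArc code: the architecture representation (component set plus connector set), the four operation kinds, their applicability conditions, and the family of variants are all constructed for this example. The family-based analysis walks a prefix trie of delta sequences, applying each distinct prefix once and undoing it with its inverse delta.

```python
"""Delta-oriented architecture variants with applicability checks and inverse
deltas: added example, not the Δ-MontiArc tooling. Component names, operations
and variants are constructed for illustration."""
from copy import deepcopy


class ApplicabilityError(Exception):
    """Raised when a delta operation's applicability condition does not hold."""


def apply_op(arch, op):
    """Apply one operation in place and return the operation that undoes it."""
    kind, *args = op
    comps, conns = arch["components"], arch["connectors"]
    if kind == "add_component":
        (name,) = args
        if name in comps:
            raise ApplicabilityError(f"component {name} already exists")
        comps.add(name)
        return ("remove_component", name)
    if kind == "remove_component":
        (name,) = args
        if name not in comps:
            raise ApplicabilityError(f"component {name} does not exist")
        if any(name in conn for conn in conns):   # dangling connectors are not allowed
            raise ApplicabilityError(f"component {name} is still connected")
        comps.remove(name)
        return ("add_component", name)
    if kind == "add_connector":
        src, dst = args
        if src not in comps or dst not in comps:
            raise ApplicabilityError(f"connector {src}->{dst} needs both components")
        if (src, dst) in conns:
            raise ApplicabilityError(f"connector {src}->{dst} already exists")
        conns.add((src, dst))
        return ("remove_connector", src, dst)
    if kind == "remove_connector":
        src, dst = args
        if (src, dst) not in conns:
            raise ApplicabilityError(f"connector {src}->{dst} does not exist")
        conns.remove((src, dst))
        return ("add_connector", src, dst)
    raise ValueError(f"unknown operation {kind}")


def apply_delta(arch, delta):
    """Apply a whole delta atomically: roll back and re-raise if any operation is
    inapplicable. Returns the inverse delta (inverse operations in reverse order)."""
    inverses = []
    try:
        for op in delta:
            inverses.append(apply_op(arch, op))
    except ApplicabilityError:
        for inv in reversed(inverses):
            apply_op(arch, inv)
        raise
    return list(reversed(inverses))


def naive_applications(variants):
    """Delta applications needed when every variant is derived from the core alone."""
    return sum(len(seq) for seq in variants.values())


def analyze_family(core, deltas, variants):
    """Family-based applicability analysis. Variants sharing a delta prefix share
    the intermediate architecture, so each distinct prefix is applied once
    (depth-first over a prefix trie) and undone via its inverse delta.
    Returns (applicability per variant, delta applications performed, final arch)."""
    arch = deepcopy(core)
    trie = {"children": {}, "variants": []}
    for vname, seq in variants.items():
        node = trie
        for dname in seq:
            node = node["children"].setdefault(dname, {"children": {}, "variants": []})
        node["variants"].append(vname)

    results, applications = {}, 0

    def visit(node, applicable):
        nonlocal applications
        for vname in node["variants"]:
            results[vname] = applicable
        for dname, child in node["children"].items():
            if not applicable:             # an inapplicable prefix stays inapplicable
                visit(child, False)
                continue
            applications += 1
            try:
                inverse = apply_delta(arch, deltas[dname])
            except ApplicabilityError:
                visit(child, False)
                continue
            visit(child, True)
            apply_delta(arch, inverse)     # back to the shared intermediate architecture

    visit(trie, True)
    return results, applications, arch


# Constructed core and deltas (not from the papers).
CORE = {"components": {"Sensor", "Controller"}, "connectors": {("Sensor", "Controller")}}
DELTAS = {
    "add_actuator":  [("add_component", "Actuator"), ("add_connector", "Controller", "Actuator")],
    "add_logger":    [("add_component", "Logger"), ("add_connector", "Controller", "Logger")],
    "drop_sensor":   [("remove_component", "Sensor")],   # inapplicable: Sensor is still connected
    "detach_sensor": [("remove_connector", "Sensor", "Controller"), ("remove_component", "Sensor")],
}
VARIANTS = {
    "actuated":          ["add_actuator"],
    "actuated_logged":   ["add_actuator", "add_logger"],
    "actuated_nosensor": ["add_actuator", "drop_sensor"],
    "actuated_detached": ["add_actuator", "detach_sensor"],
}

if __name__ == "__main__":
    results, applications, _ = analyze_family(CORE, DELTAS, VARIANTS)
    print(results, applications, "vs naive", naive_applications(VARIANTS))
```

With the four constructed variants the shared `add_actuator` prefix is applied once instead of four times (4 delta applications instead of 7), and the `drop_sensor` delta is reported as inapplicable because its precondition (no connectors left on the removed component) fails; the inverse of each applied delta is what returns the analysis to the common intermediate architecture.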

SE | Sep 8, 2014
Evolving Delta-oriented Software Product Line Architectures

Arne Haber, Holger Rendel, Bernhard Rumpe et al.

Diversity is prevalent in modern software systems. Several system variants exist at the same time in order to adapt to changing user requirements. Additionally, software systems evolve over time in order to adjust to unanticipated changes in their application environment. In modern software development, software architecture modeling is an important means to deal with system complexity by architectural decomposition. This leads to the need of architectural description languages that can represent spatial and temporal variability. In this paper, we present delta modeling of software architectures as a uniform modeling formalism for architectural variability in space and in time. In order to avoid degeneration of the product line model under system evolution, we present refactoring techniques to maintain and improve the quality of the variability model. Using a running example from the automotive domain, we evaluate our approach by carrying out a case study that compares delta modeling with annotative variability modeling.

SE | Aug 25, 2014
Engineering Delta Modeling Languages

Arne Haber, Katrin Hölldobler, Carsten Kolassa et al.

Delta modeling is a modular, yet flexible approach to capture spatial and temporal variability by explicitly representing the differences between system variants or versions. The conceptual idea of delta modeling is language-independent. So far, however, applying delta modeling to a concrete language required manually developing a delta language on top of the base language, leading to a large variety of heterogeneous language concepts. In this paper, we present a process that allows deriving a delta language from the grammar of a given base language. Our approach relies on an automatically generated language extension that can be manually adapted to meet domain-specific needs. We illustrate our approach using delta modeling on a textual variant of statecharts.

SE | Aug 25, 2014
First-Class Variability Modeling in Matlab/Simulink

Arne Haber, Carsten Kolassa, Peter Manhart et al.

Modern cars exist in a vast number of variants. Thus, variability has to be dealt with in all phases of the development process, in particular during model-based development of software-intensive functionality using Matlab/Simulink. Currently, variability is often encoded within a functional model, leading to so-called 150%-models that easily become very complex and do not scale for larger product lines. To counter these problems, we propose a modular variability modeling approach for Matlab/Simulink based on the concept of delta modeling [8, 9, 24]. A functional variant is described by a delta encapsulating a set of modifications. A sequence of deltas can be applied to a core product to derive the desired variant. We present a prototypical implementation, which is integrated into Matlab/Simulink and offers graphical editing of delta models.