Safe Generation in Feature-Oriented Software Development Sven Apel



Similar documents
Type-Safe Feature-Oriented Product Lines

Colligens: A Tool to Support the Development of Preprocessor-based Software Product Lines in C

A Case Study in Using ACL2 for Feature-Oriented Verification

How To Combine Feature-Oriented And Aspect-Oriented Programming To Support Software Evolution

Model-based Test Case Generation for (Dynamic) Software Product Lines

Feature-Oriented Software Development

An Overview of Feature-Oriented Software Development

Combining Feature-Oriented and Aspect-Oriented Programming to Support Software Evolution

Verification of Software Product Lines Using Contracts

Using Eclipse CDT/PTP for Static Analysis

FeatureIDE: An Extensible Framework for Feature-Oriented Software Development

Generating Aspect Code from UML Models

today 1,700 special programming languages used to communicate in over 700 application areas.

How to Write a Checker in 24 Hours

SPLConfig: Product Configuration in Software Product Line

VisCG: Creating an Eclipse Call Graph Visualization Plug-in. Kenta Hasui, Undergraduate Student at Vassar College Class of 2015

RobbyDBMS A Case Study on Hardware/Software Product Line Engineering

Bridging the Gap between Variability in Client Application and Database Schema

Introduction to Data-flow analysis

The CompCert verified C compiler

Integration of Application Business Logic and Business Rules with DSL and AOP

Using Library Dependencies for Clustering

CHAPTER 20 TESING WEB APPLICATIONS. Overview

Optimizing Generation of Object Graphs in Java PathFinder

mbeddr: an Extensible C-based Programming Language and IDE for Embedded Systems

An Algebra for Feature-Oriented Software Development

Visualizing Information Flow through C Programs

International Workshop on Field Programmable Logic and Applications, FPL '99

The Timing Definition Language (TDL)

Development of a Feature Modeling Tool using Microsoft DSL Tools.

SCADE System Technical Data Sheet. System Requirements Analysis. Technical Data Sheet SCADE System

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

FAME-DBMS: Tailor-made Data Management Solutions for Embedded Systems

Programming Without a Call Stack: Event-driven Architectures

Unification of AOP and FOP in Model Driven Development

INF5140: Specification and Verification of Parallel Systems

Generating Test Cases With High Branch Coverage for Web Applications

Metrics for Analyzing the Quality of Model Transformations

A Security Domain Model for Static Analysis and Verification of Software Programs

A Classification of Model Checking-based Verification Approaches for Software Models

Dsc+Mock: A Test Case + Mock Class Generator in Support of Coding Against Interfaces

To Java SE 8, and Beyond (Plan B)

Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants. Benoit Baudry, Simon Allier, Martin Monperrus

Embedded Software Development with MPS

Semantic Analysis: Types and Type Checking

Dungeon: A Case Study of Feature-Oriented Programming with Virtual Classes

Graph-Based Linking and Visualization for Legislation Documents (GLVD) Dincer Gultemen & Tom van Engers

Industrial Adoption of Automatically Extracted GUI Models for Testing

Software security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security

CS 6371: Advanced Programming Languages

Chapter 13 Configuration Management

VeriTech - A Framework for Translating among Model Description Notations

Verifying Semantic of System Composition for an Aspect-Oriented Approach

Tool Support for Inspecting the Code Quality of HPC Applications

Lecture 2 Introduction to Data Flow Analysis

Processing and data collection of program structures in open source repositories

Principles of Software Construction: Objects, Design, and Concurrency. Course Introduction. toad. toad Fall School of Computer Science

A TOOL FOR DATA STRUCTURE VISUALIZATION AND USER-DEFINED ALGORITHM ANIMATION

Chapter 13 Configuration Management

How To Detect A Buffer Overflow Vulnerability In Binary Code

B) Using Processor-Cache Affinity Information in Shared Memory Multiprocessor Scheduling

Development of Tool Extensions with MOFLON

Graph Analytics in Big Data. John Feo Pacific Northwest National Laboratory

Fun with Phantom Types

Research Overview in. Formal Method in Software Engineering Laboratory

Demonstration of an Automated Integrated Test Environment for Web-based Applications

Applications of formal verification for secure Cloud environments at CEA LIST

Towards practical reactive security audit using extended static checkers 1

Testing Software Product Lines Using Incremental Test Generation

Habanero Extreme Scale Software Research Project

Introducing Formal Methods. Software Engineering and Formal Methods

mbeddr: an Extensible MPS-based Programming Language and IDE for Embedded Systems

NP-complete? NP-hard? Some Foundations of Complexity. Prof. Sven Hartmann Clausthal University of Technology Department of Informatics

Rigorous Software Development CSCI-GA

Fabio Patrizi DIS Sapienza - University of Rome

Questions? Assignment. Techniques for Gathering Requirements. Gathering and Analysing Requirements

Variability in Service-Oriented Systems: An Analysis of Existing Approaches

Graph-Grammar Based Completion and Transformation of SDL/UML-Diagrams

Revel8or: Model Driven Capacity Planning Tool Suite

Writing a C-based Client/Server

Integrated Model-based Software Development and Testing with CSD and MTest

Transcription:

Safe Generation in Feature-Oriented Software Development Sven Apel Lehrstuhl für Programmierung Universität Passau

Software Product Line Engineering OS FAME-DBMS BufferMgr Statistics Storage Domain Analysis Nut/OS Win Persistent InMemory API B-Tree Heap Alloc Paging Get Put Del Static Dynamic LRU LFU optional mandatory AND XOR OR Slide - 2

Software Product Line Engineering OS FAME-DBMS BufferMgr Statistics Storage Domain Analysis Nut/OS Win Persistent InMemory API B-Tree Heap Alloc Paging Get Put Del Static Dynamic LRU LFU optional mandatory AND XOR OR... OS Nut/OS Win API Get Put Del... Slide - 3

Feature-Oriented Software Development OS FAME-DBMS BufferMgr Statistics Storage Domain Analysis Nut/OS Win Persistent InMemory API B-Tree Heap Alloc Paging Get Put Del Static Dynamic LRU LFU... Design & Implementation Slide - 4

Compositional Approach = = = = Slide - 5

Safe Generation Is a generated product correct? Are all products of a product line correct? =??? Slide - 6

What Do We Mean by Correctness? Syntactic correctness Type correctness Behavioral correctness Slide - 7

Type Correctness Do all valid feature selections produce products without type errors? Basic Graph class Edge { Weight refines class Edge { Weight weight = new Weight(); Dijkstra class Dijkstra { Path run(graph g) { e.weight; Slide - 8

Type Correctness Do all valid feature selections produce products without type errors? Basic Graph class Edge { Weight refines class Edge { Weight weight = new Weight(); Dijkstra class Dijkstra { Path run(graph g) { e.weight; Slide - 9

Type Correctness Do all valid feature selections produce products without type errors? Basic Graph class Edge { Dijkstra class Dijkstra { Path run(graph g) { e.weight; Slide - 10

How Can We Check Type Correctness? Generate all valid programs and use an ordinary type system, e.g., the Java compiler for AHEAD Not feasible for a growing number of features Check the product line s code base and use information on valid feature combinations product line type system Slide - 11

Product Line Type System Software Product Line Generation Generation Variant A Variant B Generation Check Variant C Slide - 12

Product Line Type System Software Product Line Generation Generation Variant A Correct Variant B Generation Check Variant C Slide - 13

Product Line Type System Software Product Line Generation Generation Variant A Correct Variant B Correct Generation Check Variant C Slide - 14

Product Line Type System Software Product Line Generation Generation Variant A Correct Variant B Correct Generation Check Variant C Correct Slide - 15

Product Line Type System Details Enrich type rules with presence checks Method invocation Field access Object instantiation Class well-formedness Method well-formedness Subtyping Pattern for additional type checks: Referenced element or type must be present in every valid variant in which also the feature of the referencing element or type is present. Slide - 16

Product Line Type System Details Enrich type rules with presence checks Method bar must be present in every valid variant in which also method foo is present. solving a simple SAT problem. Feature A foo() Feature B bar() Feature C bar() Feature Model A B C Slide - 17

Product Line Type System Formally Feature Featherweight Java [Apel et al., GPCE'08], [Apel et al., J. ASE'10] Slide - 18

Product Line Type System Formally Feature Featherweight Java [Apel et al., GPCE'08], [Apel et al., J. ASE'10] Proved theorems of product line type system Soundness: all programs of a well-typed product line are well-typed Completeness: for a set of well-typed programs there is a well-typed product line Prototype implementation in Haskell Slide - 19

What Do We Mean by Correctness? Syntactic correctness Type correctness Behavioral correctness Slide - 20

Behavioral Correctness CorrectSum int sum(int a, int b) { return a + b; WrongSum int sum(int a, int b) { return a - b; Feature Model UseSum CorrectSum WrongSum UseSum int c = sum(a, b); Slide - 21

Potential Causes of Behavioral Errors Semantic dependence Feature interaction Slide - 22

Semantic Dependence A feature depends on the presence of another feature without referring to that feature there may be no syntactic relationship Tree BinaryTree Algorithm SearchTree BinarySearch Semantic Dependence Slide - 23

Feature Interaction Two features may work correct in isolation but exhibit erroneous behavior in combination there may be no syntactic relationships Phone CallWaiting CallForwarding Feature Interaction Slide - 24

What is the Problem? Undocumented dependences and interactions Type system reports no errors Compiler produces a runnable program Errors may arise only after a long operation time Slide - 25

Method of Resolution Feature-oriented specification and design Feature-oriented verification Domain Analysis Domain Design & Specification Implementation Product Derivation Slide - 26

Feature-Oriented Design with FeatureAlloy Based on Alloy [Jackson, TOSEM 2002] Textual, general purpose modeling language module Graph one sig Graph { nodes : set Node { Node in nodes sig Node { inedges : set Edge, outedges : set Edge, edges = inedges + outedges sig Edge { src : one Node, dest : one Node fact prevnext { all n: Node, e: Edge (n in e.src <=> e in n.outedges) && (n in e.dest <=> e in n.inedges) Slide - 27

Feature-Oriented Design with FeatureAlloy Based on Alloy [Jackson, TOSEM 2002] Textual, general purpose modeling language Automatic reasoning facilities Alloy Analyzer module Graph one sig Graph { sig Node { sig Edge { fact prevnext { pred nodoubleedges { all e, e : Edge e!= e => e.(src + dest)!= e.(src + dest) run nodoubleedges for 5 assert hasnodoubleedges {!nodoubleedges check hasnodoubleedges for 5 Slide - 28

Feature-Oriented Design with FeatureAlloy Based on Alloy [Jackson, TOSEM 2002] Textual, general purpose modeling language Automatic reasoning facilities Alloy Analyzer Visualization facilities Alloy Analyzer Slide - 29

Model Features in Separate Units Graph Example Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { some n: Node (Graph.nodes = n) (Graph.nodes = n.^(edges.(src + dest))) pred nocycles { all n: Node n not in (n.^(outedges.dest) + n.^(inedges.src)) pred loneparent { all n: Node lone n.inedges fact istree { nodoubleedges && isconnected && nocycles && loneparent Slide - 30

Feature Composition Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { pred nocycles { pred loneparent { fact istree { Slide - 31

Feature Composition Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { pred nocycles { pred loneparent { fact istree { FeatureAlloy Composer * Graph Tree module Graph one sig Graph { sig Node { sig Edge { fact prevnext { pred isconnected { pred nocycles { pred loneparent { fact istree { * Plug-in of FeatureHouse Slide - 32

Feature Composition Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { pred nocycles { pred loneparent { fact istree { FeatureAlloy Composer Graph Tree module Graph one sig Graph { sig Node { sig Edge { fact prevnext { pred isconnected { pred nocycles { pred loneparent { fact istree { Alloy Analyzer Slide - 33

Semantic Dependences Graph Example Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { pred nocycles { pred loneparent { fact istree { BinaryTree refines module Graph fact binarytree { all n: Node #n.outedges =< 2 assert istree { all e, e : Edge e!= e => e.(src + dest)!= e.(src + dest) some n: Node (Graph.nodes = n) (Graph.nodes = n.^(edges.(src + dest))) all n: Node n not in (n.^(outedges.dest) + n.^(inedges.src)) all n: Node lone n.inedges check istree for 5 Semantic Dependence Slide - 34

Semantic Dependences Graph Example Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { pred nocycles { pred loneparent { fact istree { BinaryTree refines module Graph fact binarytree { all n: Node #n.outedges =< 2 assert istree { all e, e : Edge e!= e => e.(src + dest)!= e.(src + dest) some n: Node (Graph.nodes = n) (Graph.nodes = n.^(edges.(src + dest))) all n: Node n not in (n.^(outedges.dest) + n.^(inedges.src)) all n: Node lone n.inedges check istree for 5 Semantic Dependence Slide - 35

Semantic Dependences Graph Example Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { pred nocycles { pred loneparent { fact istree { BinaryTree refines module Graph fact binarytree { assert istree { check istree for 5 SearchTree refines module Graph sig LeftEdge, RightEdge extends Edge { fact searchtree { assert isbinarytree { check isbinarytree for 5 BinarySearch refines module Graph fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 Slide - 36

Semantic Dependences Graph Example Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { Tree refines module Graph pred isconnected { pred nocycles { pred loneparent { fact istree { BinaryTree refines module Graph fact binarytree { assert istree { check istree for 5 SearchTree refines module Graph sig LeftEdge, RightEdge extends Edge { fact searchtree { assert isbinarytree { check isbinarytree for 5 BinarySearch refines module Graph fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 Slide - 37

Detect Unresolved Dependences Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { BinarySearch refines module Graph fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 Slide - 38

Detect Unresolved Dependences Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { BinarySearch refines module Graph fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 FeatureAlloy Composer Graph BinarySearch module Graph one sig Graph { sig Node { sig Edge { fact prevnext { fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 Slide - 39

Detect Unresolved Dependences Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { BinarySearch refines module Graph fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 FeatureAlloy Composer Graph BinarySearch module Graph one sig Graph { sig Node { sig Edge { fact prevnext { fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 Alloy Analyzer??? Slide - 40

Detect Unresolved Dependences Graph module Graph one sig Graph { sig Node { sig Edge { fact prevnext { BinarySearch refines module Graph fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 FeatureAlloy Composer Graph BinarySearch module Graph one sig Graph { sig Node { sig Edge { fact prevnext { fact definesearchrel { fun search [n: Node, i: Int] : one Node { assert issearchtree { check issearchtree for 5 Alloy Analyzer Slide - 41

Feature Interactions Phone Example BasicPhone module Phone sig Phone {... abstract sig State { one sig Idle, Busy extends State {... pred incomingcall [in: Call, disj p, p : Phone] {... CallForwarding refines module Phone refines sig Phone { forward: lone Phone refines pred incomingcall [in: Call, disj p, p : Phone] {... assert isforwarded {... check isforwarded for 5 CallWaiting refines module Phone refines sig Phone { waitingcall: set Call... one sig Suspended extends State { refines pred incomingcall [in: Call, disj p, p : Phone] {... assert issuspended {... check issuspended for 5 Slide - 42

Feature Interactions Phone Example BasicPhone module Phone sig Phone {... abstract sig State { one sig Idle, Busy extends State {... pred incomingcall [in: Call, disj p, p : Phone] {... CallForwarding refines module Phone refines sig Phone { forward: lone Phone refines pred incomingcall [in: Call, disj p, p : Phone] {... assert isforwarded {... check isforwarded for 5 CallWaiting refines module Phone refines sig Phone { waitingcall: set Call... one sig Suspended extends State { refines pred incomingcall [in: Call, disj p, p : Phone] {... assert issuspended {... check issuspended for 5 Slide - 43

Feature Interactions Phone Example BasicPhone module Phone sig Phone {... abstract sig State { one sig Idle, Busy extends State {... pred incomingcall [in: Call, disj p, p : Phone] {... CallForwarding refines module Phone refines sig Phone { forward: lone Phone refines pred incomingcall [in: Call, disj p, p : Phone] {... assert isforwarded {... check isforwarded for 5 FeatureAlloy Composer Alloy Analyzer Slide - 44

Feature Interactions Phone Example BasicPhone module Phone sig Phone {... abstract sig State { one sig Idle, Busy extends State {... pred incomingcall [in: Call, disj p, p : Phone] {... FeatureAlloy Composer Alloy Analyzer CallWaiting refines module Phone refines sig Phone { waitingcall: set Call... one sig Suspended extends State { refines pred incomingcall [in: Call, disj p, p : Phone] {... assert issuspended {... check issuspended for 5 Slide - 45

Feature Interactions Phone Example BasicPhone module Phone sig Phone {... abstract sig State { one sig Idle, Busy extends State {... pred incomingcall [in: Call, disj p, p : Phone] {... CallForwarding refines module Phone refines sig Phone { forward: lone Phone refines pred incomingcall [in: Call, disj p, p : Phone] {... assert isforwarded {... check isforwarded for 5 FeatureAlloy Composer Alloy Analyzer CallWaiting refines module Phone refines sig Phone { waitingcall: set Call... one sig Suspended extends State { refines pred incomingcall [in: Call, disj p, p : Phone] {... assert issuspended {... check issuspended for 5 Slide - 46

Tool Chain and Case Studies Composition with FeatureAlloy@FeatureHouse [Apel et al., ICSE'09] Analysis with Alloy Analyzer Case study # Features # Semantic dependences # Feature interactions Graph product line 7 4 0 Phone system 3 0 1 Content addressable network 8 1 2 POSIX file system 8 0 1 Slide - 47

Feature-Oriented Verification Question: If we have a correct model, how do we know that the actual implementation is correct? Slide - 48

Feature-Oriented Verification Question: If we have a correct model, how do we know that the actual implementation is correct? Answer: Feature-oriented verification at implementation level Domain Domain Design Analysis & Specification Implementation Product Derivation Slide - 49

Feature-Oriented Verification Email Example* EncryptMessage BasicEmailSystem SignMessage DecryptMessage ForwardMessage Addressbook VerifyMessage AutoResponder FilterMessage MailHost RemailMessage * [Hall, J. ASE 2005] Slide - 50

Feature-Oriented Verification Email Example Encrypt void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; process call(mail(msg)) &&!isencrypted(msg) && currentid == msg.id error init call(incoming(msg)) && isencrypted(msg) currentid = msg.id Slide - 51

Feature-Oriented Verification Email Example Encrypt process void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; call(incoming(msg)) && isencrypted(msg) currentid = msg.id call(mail(msg)) &&!isencrypted(msg) && currentid == msg.id error init Slide - 52

Feature-Oriented Verification Overview Encrypt void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; process init error Forward FeatureC Composer CPA Model Checker void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; init error Slide - 53

Feature-Oriented Verification Overview Encrypt void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; Step 1: Composition process init error Forward FeatureC Composer CPA Model Checker void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; init error Slide - 54

Feature-Oriented Verification Overview Encrypt void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; Step 2: Model Checking process init error Forward FeatureC Composer CPA Model Checker void encrypt (struct client *client, struct email *msg) { int i; for (i = 0; i < (*client).keyssize; i++) { if (strncmp (((*client).keys + i * MAX), (*msg).to, strlen ((*msg).to)) == 0) { printf ("> encrypted\n"); char newbody[max] = "[encrypted]\n"; strcat (newbody, (*msg).body); strcpy ((*msg).body, newbody); break; void outgoing (struct client *client, struct email *msg) { encrypt (client, msg); original (client, msg); void setkeys (struct client *client, char *keys, int size) { (*client).keys = keys; (*client).keyssize = size; init error Slide - 55

Tool Chain and Case Study Tool chain Composition with FeatureC@FeatureHouse [Apel et al., ICSE'09] Specification of observer automata (currently hand-coded) Model checking with CPA Checker (successor of BLAST [Beyer et al., STTT 2007]) Case study: Email System [Hall, J. ASE 2005] 10 features (7 implemented) 26 interactions (10 can be detected modularly) Slide - 56

Conclusion Feature-oriented software development Safe generation of software products Product line type system Feature-oriented specification and design Feature-oriented verification Slide - 57

FOSD Events 2nd Workshop on Feature-Oriented Software Development, in conjunction with GPCE and SLE 2010 Dagstuhl Seminar: Feature-Oriented Software Development (No. 11021). January 9th - 14th, 2011. Slide - 58

Questions? Contact information Sven Apel, University of Passau, Germany http://www.infosun.fim.uni-passau.de/cl/staff/apel/ apel@uni-passau.de FeatureHouse http://www.fosd.de/fh Related publications Sven Apel and Christian Kästner. An Overview of Feature-Oriented Software Development. Journal of Object Technology (JOT), 8(5):49 84, July 2009. Sven Apel, Christian Kästner, and Christian Lengauer. FeatureHouse: Language- Independent, Automated Software Composition. In Proc. ACM/IEEE International Conference on Software Engineering (ICSE), pages 221 231. IEEE, May 2009. Sven Apel, Christian Kästner, Armin Größlinger, and Christian Lengauer. Type Safety for Feature-Oriented Product Lines. Automated Software Engineering An International Journal. 2010. Slide - 59

Detected Interactions in the Email Example AddressBook vs. EncryptMessage SignMessage vs. VerifySignature SignMessage vs. ForwardMessage EncryptMessage vs. DecryptMessage EncryptMessage vs. VerifySignature EncryptMessage vs. AutoResponder EncryptMessage vs. AutoResponder EncryptMessage vs. ForwardMessage DecryptMessage vs. AutoResponder VerifySignature vs. ForwardMessage Slide - 60

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information