Quantitative Analysis of Probabilistic Models of Software Product Lines with Statistical Model Checking

We investigate the suitability of statistical model checking techniques for analysing quantitative properties of software product line models with probabilistic aspects. For this purpose, we enrich the feature-oriented language FLan with action rates, which specify the likelihood of exhibiting particular behaviour or of installing features at a specific moment or in a specific order. The enriched language (called PFLan) allows us to specify models of software product lines with probabilistic configurations and behaviour, e.g. by considering a PFLan semantics based on discrete-time Markov chains. The Maude implementation of PFLan is combined with the distributed statistical model checker MultiVeStA to perform quantitative analyses of a simple product line case study. The presented analyses include the likelihood of certain behaviour of interest (e.g. product malfunctioning) and the expected average cost of products.Comment: In Proceedings FMSPLE 2015, arXiv:1504.0301

Coherent branching feature bisimulation

Progress in the behavioral analysis of software product lines at the family level benefits from further development of the underlying semantical theory. Here, we propose a behavioral equivalence for feature transition systems (FTS) generalizing branching bisimulation for labeled transition systems (LTS). We prove that branching feature bisimulation for an FTS of a family of products coincides with branching bisimulation for the LTS projection of each the individual products. For a restricted notion of coherent branching feature bisimulation we furthermore present a minimization algorithm and show its correctness. Although the minimization problem for coherent branching feature bisimulation is shown to be intractable, application of the algorithm in the setting of a small case study results in a significant speed-up of model checking of behavioral properties

Scaling Size and Parameter Spaces in Variability-Aware Software Performance Models (T)

In software performance engineering, what-if scenarios, architecture optimization, capacity planning, run-time adaptation, and uncertainty management of realistic models typically require the evaluation of many instances. Effective analysis is however hindered by two orthogonal sources of complexity. The first is the infamous problem of state space explosion — the analysis of a single model becomes intractable with its size. The second is due to massive parameter spaces to be explored, but such that computations cannot be reused across model instances. In this paper, we efficiently analyze many queuing models with the distinctive feature of more accurately capturing variability and uncertainty of execution rates by incorporating general (i.e., non-exponential) distributions. Applying product-line engineering methods, we consider a family of models generated by a core that evolves into concrete instances by applying simple delta operations affecting both the topology and the model's parameters. State explosion is tackled by turning to a scalable approximation based on ordinary differential equations. The entire model space is analyzed in a family-based fashion, i.e., at once using an efficient symbolic solution of a super-model that subsumes every concrete instance. Extensive numerical tests show that this is orders of magnitude faster than a naive instance-by-instance analysis

Minimization of Dynamical Systems over Monoids

Quantitative notions of bisimulation are well-known tools for the minimization of dynamical models such as Markov chains and ordinary differential equations (ODEs). In \emph{forward bisimulations}, each state in the quotient model represents an equivalence class and the dynamical evolution gives the overall sum of its members in the original model. Here we introduce generalized forward bisimulation (GFB) for dynamical systems over commutative monoids and develop a partition refinement algorithm to compute the coarsest one. When the monoid is $(\mathbb{R}, +)$, we recover %our framework recovers probabilistic bisimulation for Markov chains and more recent forward bisimulations for %systems of nonlinear ODEs. %ordinary differential equations. Using $(\mathbb{R}, \cdot)$ we get %When the monoid is $(\mathbb{R}, \cdot)$ we can obtain nonlinear reductions for discrete-time dynamical systems and ODEs %ordinary differential equations where each variable in the quotient model represents the product of original variables in the equivalence class. When the domain is a finite set such as the Booleans $\mathbb{B}$, we can apply GFB to Boolean networks (BN), a widely used dynamical model in computational biology. Using a prototype implementation of our minimization algorithm for GFB, we find disjunction- and conjunction-preserving reductions on 60 BN from two well-known repositories, and demonstrate the obtained analysis speed-ups. We also provide the biological interpretation of the reduction obtained for two selected BN, and we show how GFB enables the analysis of a large one that could not be analyzed otherwise. Using a randomized version of our algorithm we find product-preserving (therefore non-linear) reductions on 21 dynamical weighted networks from the literature that could not be handled by the exact algorithm.Comment: Accepted at Thirty-Eighth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), 202

Formal lumping of polynomial differential equations through approximate equivalences

It is well known that exact notions of model abstraction and reduction for dynamical systems may not be robust enough in practice because they are highly sensitive to the specific choice of parameters. In this paper we consider this problem for nonlinear ordinary differential equations (ODEs) with polynomial derivatives. We introduce a model reduction technique based on approximate differential equivalence, i.e., a partition of the set of ODE variables that performs an aggregation when the variables are governed by nearby derivatives. We develop algorithms to (i) compute the largest approximate differential equivalence; (ii) construct an approximately reduced model from the original one via an appropriate perturbation of the coefficients of the polynomials; and (iii) provide a formal certificate on the quality of the approximation as an error bound, computed as an over-approximation of the reachable set of the reduced model. Finally, we apply approximate differential equivalences to case studies on electric circuits, biological models, and polymerization reaction networks

White-box validation of quantitative product lines by statistical model checking and process mining

We propose a novel methodology for validating software product line (PL) models by integrating Statistical Model Checking (SMC) with Process Mining (PM). Our approach focuses on the feature-oriented language QFLan in the PL engineering domain, allowing modeling of PLs with rich cross-tree and quantitative constraints, as well as aspects of dynamic PLs like staged configurations. This richness leads to models with infinite state-space, requiring simulation-based analysis techniques like SMC. For instance, we illustrate with a running example involving infinite state space. SMC involves generating samples of system dynamics to estimate properties such as event probabilities or expected values. On the other hand, PM uses data-driven techniques on execution logs to identify and reason about the underlying execution process. In this paper, we propose, for the first time, applying PM techniques to SMC simulations' byproducts to enhance the utility of SMC analyses. Typically, when SMC results are unexpected, modelers must determine whether they stem from actual system characteristics or model bugs in a black-box manner. We improve on this by using PM to provide a white-box perspective on the observed system dynamics. Samples from SMC are fed into PM tools, producing a compact graphical representation of observed dynamics. The mined PM model is then transformed into a QFLan model, accessible to PL engineers. Using two well-known PL models, we demonstrate the effectiveness and scalability of our methodology in pinpointing issues and suggesting fixes. Additionally, we show its generality by applying it to the security domain.Comment: Pre-print Special Issue on Managing Variability in Complex Software-Intensive Systems of the Journal of Systems and Softwar

Statistical Model Checking for Product Lines

International audienceWe report on the suitability of statistical model checking forthe analysis of quantitative properties of product line models by an extendedtreatment of earlier work by the authors. The type of analysis thatcan be performed includes the likelihood of specific product behaviour,the expected average cost of products (in terms of the attributes of theproducts’ features) and the probability of features to be (un)installed atruntime. The product lines must be modelled in QFLan, which extendsthe probabilistic feature-oriented language PFLan with novel quantitativeconstraints among features and on behaviour and with advancedfeature installation options. QFLan is a rich process-algebraic specifi-cation language whose operational behaviour interacts with a store ofconstraints, neatly separating product configuration from product behaviour.The resulting probabilistic configurations and probabilistic behaviourconverge in a discrete-time Markov chain semantics, enablingthe analysis of quantitative properties. Technically, a Maude implementationof QFLan, integrated with Microsoft’s SMT constraint solver Z3,is combined with the distributed statistical model checker MultiVeStA,developed by one of the authors. We illustrate the feasibility of our frameworkby applying it to a case study of a product line of bikes

Formal Modeling and Analysis of Mobile Ad hoc Networks

Fokkink, W.J. [Promotor]Luttik, S.P. [Copromotor

Behavioral relations in a process algebra for variants

Variant Process Algebra is designed for the formal behavioral modeling of software variation, as arises, for instance, in software product line engineering. Process terms are labelled with the sets of variants, i.e., specific products, where they are enabled. A multi-modal operational semantics enables two compositional forms of reasoning. The first one is concerned with relating the behavior of a variant to the whole family. The second notion relates variants between each other, for instance to be able to formally capture the intuitive idea that a variant is a conservative extension of another, in the sense that it adds more behavior without breaking any existing one. Sufficient conditions are given to establish such a relation statically, by means of syntactic checks on process terms