FLAME: a formal framework for the automated analysis of software product lines validated by automated specification testing

  • Regular Paper
  • Software & Systems Modeling

Abstract

In a literature review on the last 20 years of automated analysis of feature models, the formalization of analysis operations was identified as the most relevant challenge in the field. This formalization could provide very valuable assets for tool developers such as a precise definition of the analysis operations and, what is more, a reference implementation, i.e., a trustworthy, not necessarily efficient implementation against which to compare the outputs of different tools. In this article, we present the FLAME framework as the result of facing this challenge. FLAME is a formal framework that can be used to formally specify not only feature models, but other variability modeling languages (VMLs) as well. This reusability is achieved by its two-layered architecture. The abstract foundation layer is the bottom layer in which all VML-independent analysis operations and concepts are specified. On top of the foundation layer, a family of characteristic model layers—one for each VML to be formally specified—can be developed by redefining some abstract types and relations. The verification and validation of FLAME has followed a process in which formal verification has been performed traditionally by manual theorem proving, but validation has been performed by integrating our experience on metamorphic testing of variability analysis tools, something that has been shown to be much more effective than manually designed test cases. To follow this automated, test-based validation approach, the specification of FLAME, written in Z, was translated into Prolog and 20,000 random tests were automatically generated and executed. Test results helped to discover some inconsistencies not only in the formal specification, but also in the previous informal definitions of the analysis operations and in current analysis tools. After this process, the Prolog implementation of FLAME is being used as a reference implementation for some tool developers, some analysis operations have been formally specified for the first time with more generic semantics, and more VMLs are being formally specified using FLAME.

Notes

  1. As defined by Batory [5], this is very similar to the concept of formal languages. In SPLs, the alphabet is the set of features, the grammar is the characteristic model, and the language is the set of all products that are instances of the characteristic model.

  2. In Z, \({\mathbb P}S\) denotes the powerset of the set S, containing all possible subsets of S, even the infinite ones. On the other hand, \({\mathbb F}S\) denotes the finite powerset of S, containing finite subsets only. If the empty set is excluded, the notation becomes \({\mathbb P}_1\) and \({\mathbb F}_1\). Notice that if S is finite, \({\mathbb P}S\) and \({\mathbb F}S\) are the same.

  3. The size of the power set of a set S is 2 raised to the power of the number of elements in S.

  4. The generalized intersection over A, where A is a set of sets, is the set consisting of all objects belonging to every set in A.

  5. The generalized union over A, where A is a set of sets, is the set consisting of all objects belonging to any set in A.

  6. The commonality factor of a single feature f is the commonality factor of a configuration with the single feature f as selected and no removed features, i.e., .

  7. The use of the summation symbol (\(\varSigma \)) over the elements of a set is not explicitly defined in Z, but we have decided to use it for the sake of understandability.

  8. Other approaches like [5] propose the use of propositional logic, e.g., well-formed formulas, for CTCs. See for example [7], in which a very preliminary version of this work includes them.

  9. The generalized bag union over A, where A is a bag of bags, is the bag consisting of the union of all the bags in A. Although it is not explicitly defined in Z, we have decided to use it for the sake of understandability.

References

  1. Acher, M., Collet, P., Lahire, P., France, R.: Familiar: a domain-specific language for large scale management of feature models. Sci. Comput. Program. 78(6), 657–681 (2013)

  2. Achour, I., Labed, L., Ben Ghezala, H.: Towards an extended tool for analysis of extended feature models. In: International Symposium on Networks, Computers and Communications, pp. 1–5 (June 2014)

  3. AHEAD Tool Suite. http://www.cs.utexas.edu/users/schwartz/ATS.html. Accessed March 2015

  4. Bachmeyer, R., Delugach, H.: A conceptual graph approach to feature modeling. In: International Conference on Conceptual Structures, pp. 179–191 (2007)

  5. Batory, D.: Feature models, grammars, and propositional formulas. In: Software Product Lines Conference, pp. 7–20 (2005)

  6. Beizer, B.: Software Testing Techniques, 2nd edn. Van Nostrand Reinhold Co., Hoboken (1990)

  7. Benavides, D.: On the Automated Analysis of Software Product Lines using Feature Models. PhD thesis, Univ. of Seville (2007)

  8. Benavides, D., Ruiz-Cortés, A., Trinidad, P.: Automated reasoning on feature models. In: International Conference on Advanced Information Systems Engineering, pp. 491–503 (2005)

  9. Benavides, D., Segura, S., Ruiz-Cortés, A.: Automated analysis of feature models 20 years later: a literature review. Inf. Syst. 35(6), 615–636 (2010)

  10. Benavides, D., Segura, S., Trinidad, P., Ruiz-Cortés, A.: FAMA: tooling a framework for the automated analysis of feature models. In: International Workshop on Variability Modeling of Software-Intensive Systems, pp. 129–134 (2007)

  11. Berger, T., She, S., Lotufo, R., Wasowski, A., Czarnecki, K.: Variability modeling in the real: a perspective from the operating systems domain. In: International Conference on Automated Software Engineering, pp. 73–82 (2010)

  12. BigLever. Biglever software gears. http://www.biglever.com/. Accessed March 2015

  13. Bowen, J., Hinchey, M.: Ten commandments of formal methods... ten years on. In: Hinchey, M., Coyle, L. (eds.) Conquering Complexity, pp. 237–251. Springer, London (2012)

  14. Chan, W., Cheung, S., Leung, K.: A metamorphic testing approach for online testing of service-oriented software applications. Int. J. Web Serv. Res. 4(2), 61–81 (2007)

  15. Chen, T.Y., Cheung, S.C., Yiu, S.M.: Metamorphic testing: a new approach for generating next test cases. Technical Report HKUST-CS98-01, Univ. of Science and Tech., Hong Kong (1998)

  16. Chen, T.Y., Feng, J., Tse, T.H.: Metamorphic testing of programs on partial differential equations: a case study. In: International Computer Software and Applications Conference, pp. 327–333 (2002)

  17. Chen, T.Y., Huang, D.H., Tse, T.H., Zhou, Z.Q.: Case studies on the selection of useful relations in metamorphic testing. In: Ibero-American Symposium on Software Engineering and Knowledge Engineering, pp. 569–583 (2004)

  18. Classen, A., Boucher, Q., Heymans, P.: A text-based approach to feature modelling: syntax and semantics of TVL. Sci. Comput. Program. 76(12), 1130–1143 (2011)

  19. Clements, P., Northrop, L.: Software Product Lines: Practices and Patterns. Addison-Wesley, Reading (2001)

  20. Clocksin, W.F., Mellish, C.S.: Programming in Prolog: Using the ISO Standard, 5th edn. Springer, Berlin (2003)

  21. Czarnecki, K., Grünbacher, P., Rabiser, R., Schmid, K., Wasowski, A.: Cool features and tough decisions: a comparison of variability modeling approaches. In: International Workshop on Variability Modeling of Software-Intensive Systems, pp. 173–182 (2012)

  22. Czarnecki, K., Helsen, S., Eisenecker, U.: Formalizing cardinality-based feature models and their specialization. Softw. Process Improv. Pract. 10(1), 7–29 (2005)

  23. El-Sharkawy, S., Dederichs, S., Schmid, K.: From feature models to decision models and back again. In: International Software Product Line Conference, pp. 126–135 (2012)

  24. Fagereng Johansen, M., Haugen, O., Fleurey, F.: An algorithm for generating t-wise covering arrays from large feature models. In: International Software Product Line Conference (2012)

  25. Fan, S., Zhang, N.: Feature model based on description logics. In: International Conference on Knowledge-Based Intelligent Information and Engineering Systems, pp. 1144–1151 (2006)

  26. Fernandez-Amorós, D., Heradio, R., Cerrada, J.: Inferring information from feature diagrams to product line economic models. In: Software Product Line Conference, pp. 41–50 (2009)

  27. Fernández-Amorós, D., Heradio, R., Cerrada, J.A., Cerrada, C.: A scalable approach to exact model and commonality counting for extended feature models. IEEE Trans. Softw. Eng. 40(9), 895–910 (2014)

  28. Feature Modeling Plug-in. http://gp.uwaterloo.ca/fmp/. Accessed March 2015

  29. Galindo, J., Alférez, M., Acher, M., Baudry, B., Benavides, D.: A variability-based testing approach for synthesizing video sequences. In: International Symposium on Software Testing and Analysis, pp. 293–303 (2014)

  30. Galindo, J.A., Turner, H., Benavides, D., White, J.: Testing variability intensive systems using automated analysis: an application in android. Softw. Qual. J. (2014). doi:10.1007/s11219-014-9258-y

  31. García-Galán, J., Trinidad, P., Rana, O. F., Ruiz-Cortés, A.: Automated configuration support for infrastructure migration to the cloud. Future Gener. Comput. Syst. (2015). doi:10.1016/j.future.2015.03.006

  32. Gheyi, R., Massoni, T., Borba, P.: A theory for feature models in alloy. In: First Alloy Workshop, pp. 71–80 (2006)

  33. Gheyi, R., Massoni, T., Borba, P.: Algebraic laws for feature models. J. Univ. Comput. Sci 14(21), 3573–3591 (2008)

  34. Henard, C., Papadakis, M., Perrouin, G., Klein, J., Le Traon, Y.: Multi-objective test generation for software product lines. In: International Software Product Line Conference, pp. 62–71 (2013)

  35. Hewitt, M., O’Halloran, C., Sennett, C.: Experiences with PiZA, an animator for Z. In: Z user meeting, pp. 35–51 (1997)

  36. ISA Research Group. FaMa Tool Suite. http://www.isa.us.es/fama/. Accessed March 2015

  37. ISO/IEC: Information technology—Z formal specification notation—Syntax, type system and semantics. International Standard ISO/IEC 13568:2002 (2002)

  38. Jackson, D.: Software Abstractions: Logic, Language, and Analysis, revised edition. MIT Press, Cambridge (2012)

  39. Kang, K., Cohen, S., Hess, J., Novak, W., Peterson, S.: Feature-Oriented Domain Analysis (FODA) Feasibility Study. Technical Report CMU/SEI-90-TR-21, Soft. Engineering Institute (1990)

  40. King, P.: Printing Z and Object-Z LaTeX documents. University of Queensland (1990)

  41. Le Berre, D., Rapicault, P.: Dependency management for the eclipse ecosystem: eclipse p2, metadata and resolution. In: International Workshop on Open Component Ecosystems, pp. 21–30 (2009)

  42. Lopez-Herrejon, R., Linsbauer, L., Galindo, J., Parejo, J.A., Benavides, D., Segura, S., Egyed, A.: An assessment of search-based techniques for reverse engineering feature models. J. Syst. Softw. 103, 353–369 (2015)

  43. Mendonca, M., Branco, M., Cowan, D.: SPLOT: software product lines online tools. In: Companion to the International Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 761–762 (2009)

  44. Mendonca, M., Wasowski, A., Czarnecki, K., Cowan, D.: Efficient compilation techniques for large scale feature models. In: Generative Programming and Component Engineering Conference, pp. 13–22 (2008)

  45. Müller, C., Resinas, M., Ruiz-Cortés, A.: Automated analysis of conflicts in WS-agreement. IEEE Trans. Serv. Comput. 7(4), 530–544 (2014)

  46. Myers, G.J., Sandler, C.: The Art of Software Testing. Wiley, New York (2004)

  47. Olaechea, R., Stewart, S., Czarnecki, K., Rayside, D.: Modeling and multi-objective optimization of quality attributes in variability-rich software. In: International Workshop on Non-functional System Properties in Domain Specific Modeling Languages (2012)

  48. Pérez Lamancha, B., Polo Usaola, M.: Testing product generation in software product lines using pairwise for features coverage. In: International Conference on Testing Software and Systems, pp. 111–125 (2010)

  49. Perrouin, G., Oster, S., Sen, S., Klein, J., Baudry, B., Le Traon, Y.: Pairwise testing for software product lines: comparison of two approaches. Softw. Qual. J. 20(3–4), 605–643 (2011)

  50. Perrouin, G., Sen, S., Klein, J., Baudry, B., Le Traon, Y.: Automated and Scalable T-wise Test Case Generation Strategies for Software Product Lines. In: International Conference on Software Testing, Verification and Validation, pp. 459–468 (2010)

  51. Pohl, K., Böckle, G., van der Linden, F.: Software Product Line Engineering: Foundations, Principles, and Techniques. Springer, Berlin (2005)

  52. pure::variants. http://www.pure-systems.com/. Accessed March 2015

  53. Roos-Frantz, F.: Automated Analysis of Software Product Lines with Orthogonal Variability Models. PhD thesis, Univ. of Seville (2012)

  54. Roos-Frantz, F., Benavides, D., Ruiz-Cortés, A., Heuer, A., Lauenroth, K.: Quality-aware analysis in product line engineering with the orthogonal variability model. Softw. Qual. J. 20(3–4), 519–565 (2012)

  55. Saaltink, M.: The Z/EVES system. In: Z User Meeting, pp. 72–85 (1997)

  56. Sayyad, A.S., Menzies, T., Ammar, H.: On the value of user preferences in search-based software engineering: a case study in software product lines. In: International Conference on Software Engineering, pp. 492–501 (2013)

  57. Schmid, K., John, I.: A customizable approach to full lifecycle variability management. Sci. Comput. Program. 53(3), 259–284 (2004)

  58. Schmid, K., Rabiser, R., Grünbacher, P.: A comparison of decision modeling approaches in product lines. In: Working on Variability Modeling of Software-Intensive Systems, pp. 119–126 (2011)

  59. Schobbens, P., Trigaux, J.C., Heymans, P., Bontemps, Y.: Generic semantics of feature diagrams. Comput. Netw. 51(2), 456–479 (2007)

  60. Segura, S.: Automated analysis of feature models using atomic sets. In: Workshop on Analyses of Software Product Lines, pp. 201–207 (2008)

  61. Segura, S., Benavides, D., Ruiz-Cortés, A.: Functional testing of feature model analysis tools: a test suite. IET Softw. 5(1), 70–82 (2011)

  62. Segura, S., Durán, A., Sánchez, A.B., Le Berre, D., Lonca, E., Ruiz-Cortés, A.: Automated metamorphic testing of variability analysis tools. Softw. Test. Verif. Reliab. 25(2), 138–163 (2015)

  63. Segura, S., Galindo, J.A., Benavides, D., Parejo, J.A., Ruiz-Cortés, A.: Betty: benchmarking and testing on the automated analysis of feature models. In: Workshop on Variability Modelling of Software-intensive Systems, pp. 63–71 (2012)

  64. Segura, S., Hierons, R.M., Benavides, D., Ruiz-Cortés, A.: Automated metamorphic testing on the analyses of feature models. Inf. Softw. Technol. 53(3), 245–258 (2011)

  65. Spivey, J.M.: The Z Notation: A Reference Manual. Prentice-Hall, Englewood Cliffs (1992)

  66. Sun, J., Zhang, H., Li, Y.F., Wang, H.: Formal semantics and verification for feature modeling. In: International Conference on Engineering of Complex Computer Systems, pp. 303–312 (2005)

  67. Thüm, T., Batory, D., Kästner, C.: Reasoning about edits to feature models. In: International Conference on Software Engineering, pp. 254–264 (2009)

  68. Thüm, T., Kastner, C., Erdweg, S., Siegmund, N.: Abstract features in feature modeling. In: Software Product Lines Conference, pp. 191–200 (2011)

  69. Treinen, R., Zacchirol, S.: Common upgradeability description format (cudf) 2.0. Technical Report 003, The Mancoosi project (FP7) (2009)

  70. Trinidad, P., Benavides, D., Durán, A., Ruiz-Cortés, A., Toro, M.: Automated error analysis for the agilization of feature modeling. J. Syst. Softw. 81(6), 883–896 (2008)

  71. Trinidad, P., Benavides, D., Ruiz-Cortés, A., Segura, S., Jimenez, A.: Fama framework. In: International Software Product Line Conference Tool Demonstrations, p. 359 (2008)

  72. von der Massen, T., Litcher, H.: Determining the variation degree of feature models. In: Software Product Lines Conference, pp. 82–88 (2005)

  73. West, M.M., Eaglestone, B.M.: Software development: two approaches to animation of Z specifications using prolog. Softw. Eng. J. 7(4), 264–276 (1992)

  74. Weyuker, E.J.: On testing non-testable programs. Comput. J. 25(4), 465–470 (1982)

  75. White, J., Benavides, D., Schmidt, D.C., Trinidad, P., Dougherty, B., Ruiz-Cortés, A.: Automated diagnosis of feature model configurations. J. Syst. Softw. 83(7), 1094–1107 (2010)

  76. White, J., Galindo, J., Saxena, T., Doughtery, B., Benavides, D., Schmidt, D.: Evolving feature model configurations in software product lines. J. Syst. Softw. 87, 119–136 (2014)

  77. Wielemaker, J.: Prolog unit tests. http://www.swi-prolog.org/pldoc/package/plunit.html. Accessed March 2015

  78. Zhang, W., Yan, H., Zhao, H., Jin, Z.: A BDD-based approach to verifying clone-enabled feature models’ constraints and customization. In: International Conference on Software Reuse, pp. 186–199 (2008)

  79. Zhang, W., Zhao, H., Mei, H.: A propositional logic-based method for verification of feature models. In: International Conference on Formal Methods and Software Engineering, pp. 115–130 (2004)

  80. Zhou, Z.Q., Huang, DH., Tse, TH., Yang, Z., Huang, H., Chen, TY.: Metamorphic testing and its applications. In: International Symposium on Future Software Technology, pp. 346–351 (2004)

Acknowledgments

The authors would like to thank José A. Galindo for his help implementing the BeTTy module for generating the tests in Prolog. We would also like to thank Miguel Toro, Pere Botella, Isidro Ramos, Frank van der Linden, Ernesto Pimentel, Vicente Pelechano, Daniel Le Berre, Sven Apel, Patrick Heymans, Paolo Borba, Maurice ter Beek, Rob Hierons, Michael Hinchey and the anonymous reviewers, for their helpful comments on earlier versions of this article. Finally, we thank Marwa Benabdelali for using a very early version of the reference implementation of FLAME at the Institut Supérieur de Gestion de Tunis and providing early feedback.

Author information

Corresponding author

Correspondence to Amador Durán.

Additional information

Communicated by Prof. Einar Broch Johnsen and Luigia Petre.

This work was partially supported by the European Commission (FEDER), and the Spanish and Andalusian R&D&I program grants COPAS (P12-TIC-1867), TAPAS (TIN2012-32273), THEOS (TIC-5906), and SaaS Firewall (IPT-2013-0890-3).

Appendices

Appendix 1: CML preview for OVM

This appendix contains the metamodel and the corresponding abstract syntax for the Orthogonal Variability Modeling (OVM) notation [51]. The complete CML specification, including the (features-in-a-model) function and the (is-instance-of) predicate, has not been included in order to avoid an excessive length of the article.

The main concepts in OVM models are variation points, variants and constraints. Their graphical representation is shown in Fig. 15, borrowed from [54]. The corresponding metamodel is shown in Fig. 16. For a thorough description of the OVM notation, the interested reader can consult [51].

Fig. 15: OVM notation summary

Fig. 16: OVM metamodel

The translation of the metamodel into an abstract syntax specification in Z is the following. First, an OVM model is defined as a nonempty set of variation points and a set of constraints.

figure bs

Then, variation points are defined as mandatory and optional. In both cases, they are formed by a feature name and a nonempty set of relationships.

figure bt

The relationships between variation points and their variants are described as follows. Notice that the alternative relationship includes two natural numbers for the maximum and minimum cardinalities. Also, variants are described as containers of one feature name.

figure bu

A generalization of variation points and variants, variation element, is needed to specify constraints, which are represented in a similar way as CTCs in BFM, except that in this case they can be set between any pair of variation elements, i.e., variation points and variants.

figure bv

Appendix 2: CML preview for CUDF

In a similar way to Appendix 1, this appendix contains a preview of the CML for a simplified version of Common Upgradeability Description Format (CUDF) documents [69], a format for describing variability in package-based Free and Open-Source Software (FOSS) distributions. A sample fragment of a CUDF document is shown in Fig. 17.

Packages, attributed with name and version, are the main concept in CUDF documents, equivalent to features in BFM or OVM. They can be related to each other by conflict and dependency relationships. Dependency relationships can be grouped conjunctively—all dependencies must be satisfied—or disjunctively—at least one dependency must be satisfied. All relationships are version dependent, both in depender and dependee packages. The corresponding metamodel is shown in Fig. 18.

Fig. 17: Sample CUDF document fragment

Fig. 18: CUDF metamodel

Before specifying the abstract syntax for CUDF documents, some preliminary definitions are needed. Assuming some type for package IDs (usually character strings), version numbers are defined as natural numbers, version comparators are defined as relations between pairs of version numbers, and features are redefined as \((PackageID,Version)\) pairs:

figure bw

Having defined previous concepts, a CUDF model can be defined as a set of package relationships:

figure bx

Relationships, which can be conflicts, conjunctive dependencies, or disjunctive dependencies, are defined over constraints as follows:

figure by

Finally, constraints are defined as 5-tuples \((p,v,q,k,\theta )\), where p and q are the identifiers of the depender and dependee packages, respectively, v and k are literal version values, and \(\theta \) is a comparison operator.

figure bz

For example, a constraint such as \((arduino, 2, JDK, 6, {\ge })\) in a conjunctive dependency indicates that version 2 of the arduino package depends on the JDK package version 6 or higher.
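The constraint semantics described in this appendix can be made executable. The following Prolog code is an added example, not part of the FLAME specification or its reference implementation. The functors pkg/2, c/5, conj_dep/1, disj_dep/1 and conflict/1, the comparator atoms, all predicate names and every sample package other than the arduino/JDK constraint are assumptions, as is the reading that a relationship only applies when its depender is installed.

```prolog
% Added example: checks whether an installation (a list of pkg(ID, Version)
% features) is an instance of a simplified CUDF model.
% Not taken from the FLAME distribution; all names are hypothetical.
:- use_module(library(lists)).

% version_cmp(+Theta, +InstalledVersion, +LiteralVersion)
% The comparison operator theta of a constraint (p, v, q, k, theta).
version_cmp(eq,  V, K) :- V =:= K.
version_cmp(neq, V, K) :- V =\= K.
version_cmp(ge,  V, K) :- V >= K.
version_cmp(gt,  V, K) :- V > K.
version_cmp(le,  V, K) :- V =< K.
version_cmp(lt,  V, K) :- V < K.

% applies(+Constraint, +Installation)
% The depender, version V of package P, is installed.
applies(c(P, V, _, _, _), Inst) :-
    memberchk(pkg(P, V), Inst).

% dependee_present(+Constraint, +Installation)
% Some installed version of the dependee Q satisfies "version Theta K".
dependee_present(c(_, _, Q, K, Theta), Inst) :-
    member(pkg(Q, QV), Inst),
    version_cmp(Theta, QV, K),
    !.

% satisfies(+Installation, +Relationship)
% Conjunctive dependency: every applicable constraint is met.
satisfies(Inst, conj_dep(Cs)) :-
    forall(( member(C, Cs), applies(C, Inst) ),
           dependee_present(C, Inst)).
% Disjunctive dependency: if any constraint applies, at least one is met.
satisfies(Inst, disj_dep(Cs)) :-
    (   member(C0, Cs), applies(C0, Inst)
    ->  once(( member(C, Cs), applies(C, Inst), dependee_present(C, Inst) ))
    ;   true
    ).
% Conflict: no applicable constraint finds its dependee installed.
satisfies(Inst, conflict(Cs)) :-
    forall(( member(C, Cs), applies(C, Inst) ),
           \+ dependee_present(C, Inst)).

% violations(+Installation, +Model, -Violated)
% Collects the relationships of the model that the installation breaks.
violations(Inst, Model, Violated) :-
    findall(R, ( member(R, Model), \+ satisfies(Inst, R) ), Violated).

% instance_of(+Installation, +Model): no relationship is violated.
instance_of(Inst, Model) :-
    violations(Inst, Model, []).

% Constructed sample model. Only the first constraint comes from the text:
% version 2 of arduino depends on JDK version 6 or higher.
sample_model([
    conj_dep([c(arduino, 2, 'JDK', 6, ge)]),
    disj_dep([c(ide, 1, 'JDK', 8, ge), c(ide, 1, openjdk, 8, ge)]),
    conflict([c('JDK', 5, arduino, 2, ge)])
]).

% demo: prints the violated relationships for four constructed installations.
demo :-
    sample_model(M),
    forall(member(Inst, [ [pkg(arduino, 2), pkg('JDK', 7)],
                          [pkg(arduino, 2), pkg('JDK', 5)],
                          [pkg(ide, 1), pkg(openjdk, 11)],
                          [pkg(ide, 1)] ]),
           ( violations(Inst, M, V),
             format("~q~n  violated: ~q~n", [Inst, V]) )).
```

Load the file in SWI-Prolog and call demo from the prompt; an installation is an instance of the model exactly when its list of violated relationships is empty.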

Appendix 3: Theorem proofs

This appendix contains the proof of theorems included in Sect. 3.

Proof of theorem 1

(the number of products of a void SPL is 0)

This theorem is proved by the substitution of \(void\) and \(\mathcal {N}\) by their definitions:

figure ca

Since \(\#\emptyset = 0\) by definition, the theorem is proved. \(\square \)

Proof of theorem 2

(there does not exist any valid configuration for a void SPL)

This theorem is proved by the substitution of by its definition:

figure cb

Since spl is void, by definition is empty and therefore no valid product with respect to any configuration exists. \(\square \)

Proof of theorem 3

(any filtering on a void SPL results in an empty set of products)

This theorem is proved by the substitution of by its definition:

figure cc

Since spl is void, by definition is empty and therefore is also empty for any c. \(\square \)

Proof of theorem 4

(any pair of void SPLs are equivalent)

This theorem is proved by the substitution of by its definition:

figure cd

Since \(spl_1\) and \(spl_2\) are void, by definition and are empty and therefore equal. \(\square \)

Proof of theorem 5

(the set of core features of a void SPL is empty)

This theorem is proved by the substitution of by its definition:

figure ce

Since spl is void, by definition is empty and therefore is also empty. \(\square \)

Proof of theorem 6

(all features of a void SPL are dead)

This theorem is proved by the substitution of by its definition:

figure cf

Since spl is void, by definition is empty and therefore is also empty. \(\square \)

Proof of theorem 7

(the set of variant features of a void SPL is empty)

This theorem is proved by the substitution of by its definition:

figure cg

We know by Theorems 5 and 6 that the set of core features of a void SPL is empty and that all its features are dead. Substituting in the subtraction expression of the three sets, the theorem is proved. \(\square \)

Proof of theorem 8

(the core, variant and dead features of an SPL partition its features)

In order to prove this theorem, first we substitute the expression by its definition, and then, the four resulting lemmas are proved:

figure ch

\(\square \)

Lemma 1

(core and variant features are disjoint)

This lemma is proved by the substitution of by its definition:

figure ci

is subtracted from spl.features in the right-hand side of the intersection expression; therefore, the intersection is empty.

Lemma 2

(core and dead features are disjoint)

This lemma is proved by the substitution of and by their definitions:

figure cj

Since the distributed intersection of a set of sets is always a subset of the distributed union of the same set of sets, i.e., , the set difference does not contain any feature in , and therefore, the result of the intersection is empty.

Lemma 3

(variant and dead features are disjoint)

This lemma is proved by the substitution of by its definition:

figure ck

is subtracted from spl.features in the left-hand side of the intersection expression; therefore, the intersection is empty.

Lemma 4

(the core, variant and dead features are all the features)

This lemma is proved by the substitution of by their definition:

figure cl

Subtracting and adding the same set to another set leaves the latter unmodified, i.e., . In the union expression, and are subtracted and added to spl.features, resulting in spl.features and therefore making both sides of the equality expression the same.

Once Lemmas 1, 2, 3, and 4 are proved, Theorem 8 gets proved too.

Proof of theorem 9

(the set of unique features of a void SPL is empty)

This theorem is proved by the substitution of by its definition:

figure cm

Since spl is void, by definition is empty, and therefore, is false, making empty. \(\square \)

Proof of theorems 10 & 11

(in SPLs with more than one product, unique features are variant features & in SPLs with only one product, unique features are core features)

These theorems are proved together using the definition of :

figure cn

Considering the definition of as , the definition of set subtraction implies that variant features can be neither core nor dead features, i.e.:

figure co

On the other hand, we know that unique features cannot be dead by definition, i.e.:

figure cp

Since we know by Theorem 8 that core, variant and dead features form a partition over the set of features of an SPL, unique features must then be core or variant.

figure cq

If a unique feature is core, that means that it is present in all products. The only way of being present only in one product (unique) and in all products (core) at the same time is when there is only one product in the SPL.

figure cr

By elimination, if there is more than one product in an SPL, unique features cannot be core and must therefore be variant. \(\square \)

Proof of theorem 12

(the core features, if any, are always one of the atomic sets)

This theorem is proved by the substitution of and by their definitions:

figure cs

Since core features are included in all products, is true for all products, and therefore, core features are potential atomic sets. On the other hand, they are maximal by definition (), i.e., if a bigger potential atomic set existed, the core features would not be the core features but a proper subset of themselves. \(\square \)

Proof of theorem 13

(the dead features, if any, are always one of the atomic sets)

This theorem is proved by the substitution of and by their definitions:

figure ct

Since dead features are not included in any product, is true for all products, and therefore, dead features are potential atomic sets. On the other hand, they are maximal by definition (), i.e., if a bigger potential atomic set existed, the dead features would not be the dead features but a proper subset of themselves. \(\square \)

Proof of theorem 14

(void SPLs only have one atomic set, its features)

This theorem is proved by applying the results of Theorems 6 and 13:

figure cu

We know by theorems 6 and 13 that all the features of a void SPL are dead and that dead features are always an atomic set:

figure cv

Since spl.features is not empty by definition, we can conclude that in void SPLs, . Obviously, if spl.features is an atomic set, no other atomic sets can exist. \(\square \)

Proof of theorem 15

(the total variability of a void SPL is 0)

This theorem is proved by the substitution of by its definition:

figure cw

Since spl is void, we know by theorem 1 that . Therefore, . \(\square \)

Proof of theorem 16

(the partial variability of a void SPL is 0)

This theorem is proved by applying the results of theorem 7:

figure cx

Since spl is void, we know by theorem 7 that .

figure cy

Because of the definition of (see Sect. 3.5.2), implies that . \(\square \)

Proof of theorem 17

(The old homogeneity of a void SPL is 100 %)

This theorem is proved by the substitution of by its definition:

figure cz

Since spl is void, we know by theorem 9 that . Therefore, . \(\square \)

Proof of theorem 18

(The new homogeneity of a void SPL is 0 %)

This theorem is proved by the substitution of by its definition:

figure da

Because of the definition of (see Sect. 3.5.1), the commonality of a void SPL is always 0. Therefore, . \(\square \)

Appendix 4: Prolog code of the reference implementation

This appendix contains the translation guidelines applied to the translation of the Z specification into Prolog, and an example of use of the Prolog reference implementation, which can be downloaded from http://www.isa.us.es/flame, together with the 20,000 metamorphic tests.

Fig. 19: Output of the execution of the analysis of a sample SPL in the FLAME reference implementation

1.1 Z-to-Prolog translation guidelines

The main guidelines followed during the manual translation of the Z specification into Prolog are described below.

  • Z sets are represented as Prolog lists without duplicates, something common in the animation of Z specifications in Prolog [35, 73]. A small toolkit for those set operations not present in the SWI Prolog distribution was developed for that purpose.

  • The SPL schema type was represented as the functor spl(F,M), where F is the SPL feature set and M is the SPL characteristic model. Functors are the usual way of representing compound objects in Prolog (see [20] for details).

  • The Configuration type is represented as the functor configuration(S,R), where S is the set of selected features and R is the set of removed features.

  • The relation (is-instance-of) is represented as the instance_of(P,M) predicate, where P is a product and M is a characteristic model.

  • The function is represented as the features(M,F) predicate, where M is a characteristic model and F is the set of features used in the model.

  • As a general pattern, when some elements in a set must be selected by satisfying a predicate, i.e.:

    figure db

    this is translated into Prolog using the standard predicate findall(X,G,L) [20], which returns a list L with all the values of X that satisfy the, possibly compound, goal G. In this pattern, the goal is formed by the conjunction of the membership of X to X_S and the satisfaction of predicate P on X:

    figure dc
  • Another pattern was applied for translating expressions using the universal quantifier over the elements of a set, i.e.:

    figure dd

    This is translated into Prolog using the common predicate forall(C,P), which succeeds if all solutions of C satisfy predicate P. In this case, the condition is the membership of X to X_S, and the predicate is any predicate P on X:

    figure de

1.2 Sample use of the FLAME framework

If an SPL designer would like to use FLAME to analyze her FMs, she should represent them in the Prolog format for the FLAME abstract syntax. For example,

figure df

Then, she could use a predicate like this for analyzing her SPL:

figure dg

That would produce the output in Fig. 19 after calling analyze(survey_spl) from the Prolog prompt.
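The findall and forall translation patterns from the guidelines, applied to the spl(F,M) functor, are shown in the following Prolog code. It is an added example, not the FLAME reference implementation: the constraint-list encoding of the characteristic model (mandatory/1, requires/2, excludes/2), the sample SPLs and all predicate names other than instance_of/2 are assumptions. It computes core, variant and dead features and checks the partition stated in Theorem 8, including the void case of Theorems 5 and 6.

```prolog
% Added example, not taken from the FLAME distribution.
% Hypothetical characteristic model: a list of constraints over features.
%   mandatory(F)    F appears in every product
%   requires(A, B)  every product containing A also contains B
%   excludes(A, B)  A and B never appear in the same product
:- use_module(library(lists)).

% instance_of(+P, +M): forall pattern, every constraint of M holds on P.
instance_of(P, M) :-
    forall(member(C, M), holds(C, P)).

holds(mandatory(F), P)   :- memberchk(F, P).
holds(requires(A, B), P) :- ( memberchk(A, P) -> memberchk(B, P) ; true ).
holds(excludes(A, B), P) :- \+ ( memberchk(A, P), memberchk(B, P) ).

% sublist_of(+L, -S): enumerates the subsets of L on backtracking.
sublist_of([], []).
sublist_of([X|Xs], [X|Ys]) :- sublist_of(Xs, Ys).
sublist_of([_|Xs], Ys)     :- sublist_of(Xs, Ys).

% products(+SPL, -Ps): findall pattern, the subsets of F that are
% instances of the characteristic model M.
products(spl(F, M), Ps) :-
    findall(P, ( sublist_of(F, P), instance_of(P, M) ), Ps).

% core(+SPL, -Core): features present in all products. The Ps \== [] guard
% keeps the core of a void SPL empty; without it forall/2 would succeed
% vacuously for every feature.
core(spl(F, M), Core) :-
    products(spl(F, M), Ps),
    findall(X, ( member(X, F), Ps \== [],
                 forall(member(P, Ps), memberchk(X, P)) ), Core).

% dead(+SPL, -Dead): features present in no product.
dead(spl(F, M), Dead) :-
    products(spl(F, M), Ps),
    findall(X, ( member(X, F),
                 forall(member(P, Ps), \+ memberchk(X, P)) ), Dead).

% variant(+SPL, -Variant): all features minus core minus dead.
variant(SPL, Variant) :-
    SPL = spl(F, _),
    core(SPL, C), dead(SPL, D),
    subtract(F, C, Rest), subtract(Rest, D, Variant).

% partition_ok(+SPL): core, variant and dead features are pairwise
% disjoint and together make up the whole feature set.
partition_ok(SPL) :-
    SPL = spl(F, _),
    core(SPL, C), variant(SPL, V), dead(SPL, D),
    intersection(C, V, I1), I1 == [],
    intersection(C, D, I2), I2 == [],
    intersection(V, D, I3), I3 == [],
    append([C, V, D], All),
    msort(All, S1), msort(F, S2), S1 == S2.

% Constructed sample SPLs: one with products, one void.
sample_spl(shop, spl([root, a, b, c, d],
                     [mandatory(root), mandatory(b),
                      requires(a, b), excludes(b, c)])).
sample_spl(void, spl([x, y],
                     [mandatory(x), mandatory(y), excludes(x, y)])).

% report(+Name): prints the analysis results for a sample SPL.
report(Name) :-
    sample_spl(Name, SPL),
    products(SPL, Ps), length(Ps, N),
    core(SPL, C), variant(SPL, V), dead(SPL, D),
    ( partition_ok(SPL) -> Part = yes ; Part = no ),
    format("~w: ~d products, core=~w variant=~w dead=~w partition=~w~n",
           [Name, N, C, V, D, Part]).
```

Load the file in SWI-Prolog and call report(shop) or report(void) from the prompt. Product enumeration here is exponential in the number of features, which suits a reference check on small models only.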

Cite this article

Durán, A., Benavides, D., Segura, S. et al. FLAME: a formal framework for the automated analysis of software product lines validated by automated specification testing. Softw Syst Model 16, 1049–1082 (2017). https://doi.org/10.1007/s10270-015-0503-z

  • DOI: https://doi.org/10.1007/s10270-015-0503-z
