Conflict-Tolerant Features

Abstract

Large, software intensive systems are typically developed using a feature oriented development paradigm in which feature specifications are derived from domain requirements and features are implemented to satisfy such specifications. Historically, this approach has been followed in the telecommunications industry. More recently, in the automotive industry, features (for e.g. electronic stability control, collision avoidance etc.) are being developed as part of a software product line and a suitable subset of these features is integrated in an automobile model based on market requirements. Typically, features are designed independently by different engineering teams and are integrated later to create a system. Integrating features that are designed independently is extremely hard because the interactions between features are not understood properly and any incompatibilities may lead to costly redesign. In this thesis, we propose a framework for developing feature based systems such that even if features are incompatible, they can be integrated without redesign. Our view is that a feature based system consists of a base system and multiple features (or controllers), each of which independently advise the base system on how to react to an input so as to conform to their respective specifications. Such a system may reach a point of “conflict” between two or more features when they do not agree on a common action that the base system should perform. Instead of redesigning one or more features for resolving a conflict, we propose the novel notion of “conflicttolerance”, which requires features to be “resilient” or “tolerant” with regard to violations of their advice. Thus, unlike a classical feature, a conflicttolerant feature observes that its advice has been overridden, and takes this fact into account before proceeding to offer advice for subsequent behaviour of the base system. Conflict-tolerant features are composed using a priority order such that whenever a conflict occurs between two features, the base system continues with the advice of the higher priority feature. We guarantee that each feature is “maximally” utilized in that its advice is not taken only when there is a conflict with some higher priority controller. We show how to specify conflict-tolerant features for finite state, timed, and hybrid systems and also provide decision procedures for automated verification of finite state and timed systems. This provides a compositional technique for verifying systems which are composed of conflict-tolerant features. Our framework for developing feature based systems enables conflictresolution without redesign. The scope for reusing conflict tolerant features is significantly higher thus reducing design and verification effort.