This document proposes an analysis to determine whether completing a partial configuration with defaults in a feature model can result in conflicts. It covers:
1) An encoding of feature models with defaults as a SAT problem, using variables to represent default/override states and feature values.
2) A process that builds a model M1 without defaults and copies a partial configuration to a model M2 with defaults to search for a conflicting completion.
3) An application of this analysis to the Common Variability Language (CDL), with translations to an SMT solver that show feasibility on simple models. Scaling to all CDL models is left as future work.
4. Analysis
Given a model with defaults, is it the case that for every correct
partial configuration, its completion using defaults results in a
conflict-free completion?
6. Encoding of Boolean FMs with no Defaults
Given a feature model (FM) $M$, let $F = \{f_1, \ldots, f_n\}$ be the set of its features.
Each analysis over $F$ is modelled as a SAT problem (given to SMT solvers).
Encoding scheme for Boolean FMs with no defaults:
$E = \{e_1, \ldots, e_n\}$: set of variables, each denoting a feature's enabled state.
$\Phi = \Phi_{FM} \wedge \Phi_{CTC}$: satisfiability constraint.
7. Encoding of Boolean FMs with Defaults
$E$ and $\Phi$ as before.
$DE = \{de_1, \ldots, de_n\}$: set of variables, each denoting a feature's default enable state.
$OE = \{oe_1, \ldots, oe_n\}$: set of variables, each controlling if a feature's default enable state has been overridden by the user.
$UE = \{ue_1, \ldots, ue_n\}$: set of variables, each denoting a feature's enable state as set by the user.
New satisfiability constraint:
$$\Phi \wedge \Phi_{SE} \wedge \Phi_{DE} \wedge \Phi_{OE}$$
$\Phi_{SE}$: source of a feature's enabled value.
$$\bigwedge_{i=1}^{n} \big(e_i = (oe_i \;?\; ue_i : de_i)\big)$$
$\Phi_{DE}$: defaults setting.
$$\bigwedge_{i=1}^{n} \big(de_i = \text{default enabled expression for } f_i\big)$$
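$\Phi_{OE}$: controls which features cannot have the enabled value overridden.
$$\bigwedge_{i \in \{k \mid f_k \in F,\ \neg overridable_E(f_k)\}} (oe_i = \mathit{false})$$
where
$$overridable_E(f_i) = \begin{cases} \mathit{false}, & f_i \text{ is mandatory} \\ \mathit{true}, & \text{otherwise} \end{cases}$$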
12. Encoding of Non-Boolean Feature Models with Defaults
$E$, $DE$, $OE$, $UE$, $\Phi_{SE}$, $\Phi_{DE}$, $\Phi_{OE}$ as before.
Create set of variables and constraints for the data value part:
$V$, $DV$, $OV$, $UV$, $\Phi_{SV}$, $\Phi_{DV}$, $\Phi_{OV}$.
$\Phi = \Phi_{FM} \wedge \Phi_{CTC}$ is now defined over $E$ and $V$.
Note that:
$|V| = |\{v_1, \ldots, v_m\}| \le |E|$
$|DV| = |V| \le |DE|$
$|OV| = |V| \le |OE|$
$|UV| = |V| \le |UE|$
14. Analysis Statement
Given a model with defaults, is it the case that for every correct
partial configuration, its completion using defaults results in a
conflict-free completion?
15. Abstract Idea
[Figure: models M1 and M2 side by side. M1: partial configuration + completion (SAT). M2: partial configuration + default completion with conflicts (SAT). Labels: copied (from M1 to M2), counter example. Legend: user provided value, correct completion value, default completion value.]
16. 1) Build M1
Model M1 has no defaults.
Solution: use completion variables instead.
Sets of variables:
$E$: enable variables.
$CE$ (new): enabled completion value variables.
$HUE$ (new): flag variables that signal whether the user has set a feature's enabled state.
$UE$: user set enabled value variables.
$V$: set of data value variables.
$CV$ (new): data value completion variables.
$HUV$ (new): flag variables that signal whether the user has set a feature's data value.
$UV$: user set data value variables.
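Satisfiability constraint $\Phi_{M1}$:
$$\Phi_1 \wedge \Phi_{SE_1} \wedge \Phi_{SV_1} \wedge \Phi_{HUE_1} \wedge \Phi_{HUV_1}$$
$\Phi_{SE_1}$: source of a feature's enabled value.
$$\bigwedge_{i=1}^{n} \big(e_i = (he_i \;?\; ue_i : ce_i)\big)$$
where $e_i \in E$, $he_i \in HUE$, $ue_i \in UE$ and $ce_i \in CE$.
$\Phi_{SV_1}$: analogous, but manipulates variables related to $V$.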
$\Phi_{HUE_1}$: controls which features cannot have the enabled value set by the user.
$$\bigwedge_{i \in \{k \mid f_k \in F,\ \neg overridable_E(f_k)\}} (he_i = \mathit{false})$$
where $overridable_E(f_i)$ is as defined before.
$\Phi_{HUV_1}$: analogous, but manipulates variables related to $V$.
20. 2) Copy User-Values to M2
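Copy constraint ($\Phi_{COPY}$):
$$\bigwedge_{i=1}^{n} (oe_{i_2} = he_{i_1}) \wedge \bigwedge_{i=1}^{m} (ov_{i_2} = hv_{i_1}) \wedge \bigwedge_{i=1}^{n} (ue_{i_2} = ue_{i_1}) \wedge \bigwedge_{i=1}^{m} (uv_{i_2} = uv_{i_1})$$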
21. 3) Counter Example for Default Completion in M2
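The $\Phi_2$ constraint was defined as
$$\Phi_{FM_2} \wedge \Phi_{CTC_2}$$
Counter example constraint ($\Phi_{COUNTER\text{-}EXAMPLE\text{-}M2}$):
$$(\Phi_{FM_2} \wedge \neg\Phi_{CTC_2}) \wedge (\Phi_{SE_2} \wedge \Phi_{SV_2}) \wedge (\Phi_{DE_2} \wedge \Phi_{DV_2})$$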
22. 4) Putting Everything Together
$$\Phi_{M1} \wedge \Phi_{COPY} \wedge \Phi_{COUNTER\text{-}EXAMPLE\text{-}M2}$$
If the SMT solver returns SAT, a counter example is readily
available.
Otherwise, the SMT solver returns UNSAT: no counter example
exists and the set of defaults is valid for all correct partial
configurations.
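The combined check for the Boolean case, as an added example that is not part of the original slides: exhaustive enumeration stands in for the SMT solver, and the three-feature model, its "a excludes b" cross-tree constraint and both default sets are constructed for illustration.

```python
from itertools import product

FEATURES = ["root", "a", "b"]   # constructed toy model, not from the slides
MANDATORY = {"root"}            # overridable_E is false for these features

def phi_fm(e):
    # Tree constraints: root is always enabled, children require root.
    return e["root"] and (not e["a"] or e["root"]) and (not e["b"] or e["root"])

def phi_ctc(e):
    # Cross-tree constraint (assumed for the example): a excludes b.
    return not (e["a"] and e["b"])

def assignments():
    for bits in product([False, True], repeat=len(FEATURES)):
        yield dict(zip(FEATURES, bits))

def find_counter_example(defaults):
    """Search Phi_M1 AND Phi_COPY AND Phi_COUNTER-EXAMPLE-M2 by enumeration.

    defaults maps each feature to its default enabled expression, given as
    a function of M2's enabled values."""
    for he, ue, ce in product(list(assignments()), repeat=3):
        # Phi_HUE: the user cannot set non-overridable features.
        if any(he[f] for f in MANDATORY):
            continue
        # Phi_SE1: e_i = (he_i ? ue_i : ce_i); Phi_1 = Phi_FM AND Phi_CTC.
        e1 = {f: ue[f] if he[f] else ce[f] for f in FEATURES}
        if not (phi_fm(e1) and phi_ctc(e1)):
            continue            # this partial configuration has no such completion
        # Phi_COPY: oe_i2 = he_i1 and ue_i2 = ue_i1, so he and ue are reused.
        for e2 in assignments():
            # Phi_SE2 AND Phi_DE2: e_i = (oe_i ? ue_i : de_i), de_i = default.
            if any(e2[f] != (ue[f] if he[f] else defaults[f](e2)) for f in FEATURES):
                continue
            # Phi_FM2 AND NOT Phi_CTC2: the default completion conflicts.
            if phi_fm(e2) and not phi_ctc(e2):
                return {"user_set": {f: ue[f] for f in FEATURES if he[f]},
                        "correct_completion": e1, "default_completion": e2}
    return None                 # UNSAT: defaults are valid for every correct partial config

# Constant default "a enabled" conflicts once the user enables b.
BAD_DEFAULTS = {"root": lambda e: True, "a": lambda e: True, "b": lambda e: False}
# Default expression for a that depends on b's enabled value.
GOOD_DEFAULTS = {"root": lambda e: True, "a": lambda e: not e["b"], "b": lambda e: False}
```

`find_counter_example(BAD_DEFAULTS)` returns the partial configuration in which the user enables only `b`, while `find_counter_example(GOOD_DEFAULTS)` returns `None`.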
24. CDL Specifics
CDL requires a new constraint: $\Phi_{Do}$ (stating a feature's legal
values).
Completion of M1 should be based on default-defaults.
25. Analysis of CDL Models
Analysis of existing CDL models, given this logical framework,
is straightforward.
In CDL, each feature has an enabled and data value part
(n = m).
Simple models were manually translated to Z3 SMT Solver as
a proof of concept.
Will it scale to the whole set of models? ...