Directed Graph Reachability in the

Presence of VariabilityMichał Antkiewicz

Oct 26, 2015University of Waterloo

http://gsd.uwaterloo.ca http://necsis.cahttp://clafer.org

We’d like to…1. Model directed graphs with variability2. Enforce or verify reachability

Hands on mini-tutorial:http://t3-necsis.cs.uwaterloo.ca:8091/graphReachability

Requirements

• Directed graph • or multi-graph

• Optional edges or multiple targets• Edges have weight• Optional nodes• Enforce or verify that in all possible graphs a given node is reachable

from another node

N1

N2

N3?

N4E4?(2)

E1?(1)

E2?(2)

E3?(5) E5?(1)

Modeling using Clafer

• Directed graph• Outgoing edges disappear with

the node

• Edges have weight

• Directed multi-graph

abstract Node * abstract Edge -> Node * weight -> integer [ this.dref > 0 ]

abstract Node * abstract Edge ->> Node *

Modeling a Concrete Graph with Variability

abstract Node * abstract Edge ->> Node * weight -> integer [ this > 0 ]

N1

N2

N3?

N4

E1?(1)

E3?(5)

E4?(2)

E5?(1)

E2?(2)

N1 : Node 1 E1 : Edge -> N2 ? [ weight = 1 ] E2 : Edge -> N2 ? [ weight = 2 ] E3 : Edge -> N3 ? [ weight = 5 ]N2 : Node E4 : Edge -> N3 ? [ weight = 2 ]N3 : Node ? E5 : Edge -> N4 ? [ weight = 1 ]N4 : Node

Reference refinement of: abstract Edge ->> Node *

A Few Possible Graphs

N1

N2

N3

N4 N1

N2

N3

N4

E1(1)

E5(1)

… N1

N2

N3

N4

E1(1)

E3(5)

E4(2)

E5(1)

E2?(2)…

N1

N2

N4 N1

N2

N4

E1(1)

… N1

N2

N4

E1(1)

E2(2)…

Enforcing reachability of N4 from N1

• N4 is in the set of nodes reachable from N1• “N1.Edge”

• N2, N3

• “N1.Edge.Edge”• = “(N2, N3).Edge”• N3, N4

• “N1.^Edge”• Transitive closure (^) is

“N1.Edge ++ N1.Edge.Edge ++ …”

• Finally“[ N4 in N1.^Edge ]”

N1

N2

N3

N4

E1?(1)

E3?(5)

E4?(2)

E5?(1)

E2?(2)

Unfortunately, transitive closure is not yet*

implemented in ClaferWe must escape to Alloy to write that constraint

* It is at the top of the list….

Translation to Alloy

abstract Node * abstract Edge ->> Node * weight -> integer

abstract sig Node{ r_Edge : set Edge }

abstract sig Edge{ Edge_ref : one Node, r_weight : one weight }{ one @r_Edge.this }

sig weight{ weight_ref : one Int }{ one @r_weight.this }

[ N4 in N1.^Edge ]

[alloy|fact { N4 in N1.^(r_Edge.Edge_ref)}|]

A Few Possible Graphs

N1

N2

N3

N4

E1?(1)

E4?(2)

E5?(1)

N1

N2

N3

N4

E3?(5) E5?(1)

N1

N2

N3

N4E4?(2)

E5?(1)

E2?(2)

N1

N2

N3

N4

E1?(1)

E3?(5)

E4?(2)

E5?(1)

E2?(2)N1

N2

N3

N4

E1?(1)

E3?(5) E5?(1)

E2?(2)N1

N2

N3

N4

E1?(1)

E4?(2)

E5?(1)

E2?(2)

Exercises

http://t3-necsis.cs.uwaterloo.ca:8091/graphReachability

Q1: Can you make N1 prohibited (that is give it cardinality 0) and get an instance? Why?

A: No. “N1.^Edge” will be an empty set because N1 is empty and N4 cannot be a subset of an empty set.

Q2: Make the edges E1 and E2 mutually exclusive.

Can they be put into a feature group as follows. Why?

A1: “[E1 xor E2]”. A2: No, edges must be nested directly under nodes.

N1

N2

N3

N4

E1?(1)

E2?(2)

E3?(5)

E4?(2)

E5?(1)

xor N1 : Node 1 xor group E1 : Edge -> N2 ? E2 : Edge -> N2 ?

Q3: Make the edge E2 point to either N2 or N3.

A: “E2 : Edge -> N2 ++ N3 ?”.

N1

N2

N3

N4

E1?(1)

E2?(2)

E3?(5)

E4?(2)

E5?(1)

xor

N1

N2

N3

N4

E1?(1)

E2?(2)

E3?(5)

E4?(2)

E5?(1)

N2++N3

E2->N3

E2->N2

Q4: Change the graph such that N4 is always reachable from N1 with minimal # of edges.

A: “N3 : Node E5 : Edge -> N4 [ lone (E1 ++ E2) ] [ E3 xor E4 ] [ E4 <=> E1 || E2 ]”

[alloy|assert N4isReachable { N4 in N1.^(r_Edge.Edge_ref)}check N4isReachable for 1 but 5 Edge, 4 Node, 5 weight|]

N1

N2

N3

N4

E1?(1)

E2?(2)

E3?(5)

E4?(2)

E5 (1)

mux

xor

Directed Graph Reachability in the

Presence of Variability

Thank You!

http://gsd.uwaterloo.ca http://necsis.cahttp://clafer.org