The Power of ‘‘Why’’ and ‘‘Why Not’’: Enriching Scenario Exploration with Provenance

Timothy Nelson, Natasha Danas, Daniel J. Dougherty, Shriram Krishnamurthi

Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering, 2017

(Best Paper.)

Abstract

Scenario-finding tools like the Alloy Analyzer are widely used in numerous concrete domains like security, network analysis, UML analysis, and so on. They can help to verify properties and, more generally, aid in exploring a system’s behavior.

While scenario finders are valuable for their ability to produce concrete examples, individual scenarios only give insight into what is possible, leaving the user to make their own conclusions about what might be necessary. This paper enriches scenario finding by allowing users to ask ‘‘why?’’ and ‘‘why not?’’ questions about the examples they are given. We show how to distinguish parts of an example that cannot be consistently removed (or changed) from those that merely reflect underconstraint in the specification. In the former case we show how to determine which elements of the specification and which other components of the example together explain the presence of such facts.

This paper formalizes the act of computing provenance in scenario-finding. We present Amalgam, an extension of the popular Alloy scenario-finder, which implements these foundations and provides interactive exploration of examples. We also evaluate Amalgam’s algorithmics on a variety of both textbook and real-world examples.

Comment

You can also get the artifact for the paper.

Paper

PDF


These papers may differ in formatting from the versions that appear in print. They are made available only to support the rapid dissemination of results; the printed versions, not these, should be considered definitive. The copyrights belong to their respective owners.