Proving feature non-interaction with Alternating-Time Temporal Logic

Feature Interaction. When engineers design a system with features, they wish to have methods to prove that the features do not interact in ways which are undesirable. A considerable literature is devoted to this ‘feature interaction problem’ [13,5]. One approach to demonstrating that features do not interact undesirably is to equip them with properties which are intended to hold of a system having the feature [18]. In this view, a feature is a pair (F, φ) consisting of the implementation of the feature F and a set of properties φ. Integrating a feature (F, φ) with a base system S consists of modifying the base system in the way described by the feature implementation and obtaining S+F . The integration is deemed successful if the resulting system satisfies the set of properties φ corresponding to the feature. Evidence that a feature (F1, φ1) does not negatively interact with feature (F2, φ2) may be obtained by verifying that introducing F2 in S+F1, (obtaining S+F1 +F2) does not destroy the properties φ1 previous introduced by feature F1, and vice versa.