Reconciling behavioral mismatch through component restriction

In component-based software development there are often mismatches between system-level requirements and com- ponent behaviors. In general, bridging such mismatches requires mutual adaptation of system requirements and components. One kind of mismatch occurs when compo- nents permit behaviors that are not permitted by the sys- tem-level requirements. We identify restriction, the dis- abling of component behaviors, as an important way to bridge such mismatches. Unlike extension, which is well studied, restriction has received little attention. We present a model for reasoning about requirements for restriction, and a corresponding technique for implementing restric- tion, based on matching of partial models of component behaviors against state-machine-based partial system speci- fications. Our approach respects several difficulties in component-based development: (a) behaviorally complex components, (b) poorly documented component specifica- tions, (c) inability to change core component implementa- tions, and (d) a general lack of built-in restriction mecha- nisms in practice. To address these difficulties we use lightweight incremental specification of component opera- tions, obtained by reverse-engineering, and external adap- tors that adjust the behaviors of components by manipulat- ing their input streams. We describe our experience using this approach to restrict shrink-wrapped package compo- nents in the Galileo fault-tree analysis tool.