Results 1 - 10 of 12
A Compositional Specification Theory for Component Behaviours
Cited by 15 (7 self)
Abstract. We propose a compositional specification theory for reasoning about components that interact by synchronisation of input and output (I/O) actions, in which the specification of a component constrains the temporal ordering of interactions with the environment. Such a theory is motivated by the need to support composability of components, in addition to modelling environmental assumptions, and reasoning about run-time behaviour. Models can be specified operationally by means of I/O labelled transition systems augmented by an inconsistency predicate on states, or in a purely declarative manner by means of traces. We introduce a refinement preorder that supports safe-substitutivity of components. Our specification theory includes the operations of parallel composition for composing components at run-time, logical conjunction for independent development, and quotient for incremental development. We prove congruence properties of the operations and show correspondence between the operational and declarative frameworks. Keywords: specification theory, compositionality, components, I/O automata, interface automata, logic LTS, refinement, conjunction, quotient.
Assume-Guarantee Reasoning for Safe Component Behaviours
Cited by 3 (1 self)
Abstract. We formulate a sound and complete assume-guarantee framework for reasoning compositionally about safety properties of component behaviours. The specification of a component, which constrains the temporal ordering of input and output interactions with the environment, is expressed in terms of two prefix-closed sets of traces: an assumption and guarantee. The framework supports dynamic reasoning about components and specifications, and includes rules for parallel composition, logical conjunction corresponding to independent development, and quotient for incremental synthesis. Practical applicability of the framework is demonstrated by considering a simple printing example.
Contracts for the design of embedded systems, Part II: Theory, 2011
"... This is Part II of a sequence of two papers on ..."
Automated mediator synthesis: Combining Behavioural and Ontological Reasoning
In: Proc. of SEFM (2013)
Cited by 3 (2 self)
Abstract. Software systems are increasingly composed of independently developed heterogeneous components. To ensure interoperability, mediators are needed that coordinate actions and translate exchanged messages between the components. We present a technique for automated synthesis of mediators, by means of a quotient operator, that is based on behavioural models of the components and an ontological model of the data domain. By not requiring a specification of the composed system, the method supports both off-line and run-time synthesis. The obtained mediator is the most general component that ensures freedom of both communication mismatches and deadlock in the composition. Validation of the approach is given by implementation of a prototype tool, while applicability is illustrated on heterogeneous holiday booking components.
An Algebraic Theory of Interface Automata
Cited by 3 (0 self)
We formulate a compositional specification theory for interface automata, where a component model specifies the allowed sequences of input and output interactions with the environment. A trace-based linear-time refinement is provided, which is the weakest preorder preserving substitutivity of components, and is weaker than the classical alternating simulation defined on interface automata. Since our refinement allows a component to be refined by refusing to produce any output, we also define a refinement relation that guarantees safety and progress. The theory includes the operations of parallel composition to support the structural composition of components, logical conjunction and disjunction for independent development, hiding to support abstraction of interfaces, and quotient for incremental synthesis of components. Our component formulation highlights the algebraic properties of the specification theory for both refinement preorders, and is shown to be fully abstract with respect to observation of communication mismatches. Examples of independent and incremental component development are provided.
Adaptable transition systems
In: Preproceedings of the 21st International Workshop on Algebraic Development Techniques (WADT), 2012
Cited by 2 (2 self)
Abstract. We present an essential model of adaptable transition systems inspired by white-box approaches to adaptation and based on foundational models of component based systems. The key feature of adaptable transition systems are control propositions, imposing a clear separation between ordinary, functional behaviours and adaptive ones. We instantiate our approach on interface automata yielding adaptable interface automata, but it may be instantiated on other foundational models of component-based systems as well. We discuss how control propositions can be exploited in the specification and analysis of adaptive systems, focusing on various notions proposed in the literature, like adaptability, control loops, and control synthesis.
Towards a connector algebra
In: ISoLA 2010
Cited by 2 (0 self)
Abstract. Interoperability of heterogeneous networked systems has yet to reach the maturity required by ubiquitous computing due to the technology-dependent nature of solutions. The Connect Integrated Project attempts to develop a novel network infrastructure to allow heterogeneous networked systems to freely communicate with one another by synthesising the required connectors on-the-fly. A key objective of Connect is to build a comprehensive theory of composable connectors, by devising an algebra for rigorously characterising complex interaction protocols in order to support automated reasoning. With this aim in mind, we formalise a high-level algebra for reasoning about protocol mismatches. Basic mismatches can be solved by suitably defined primitives, while complex mismatches can be settled by composition operators that build connectors out of simpler ones. The semantics of the algebra is given in terms of Interface Automata, and an example in the domain of instant messaging is used to illustrate how the algebra can characterise the interaction behaviour of a connector for mediating protocols.
Model-based development and verification of control software for electric vehicles
Proceedings of the 50th Annual Design Automation Conference (DAC), 2013
Cited by 1 (0 self)
Most innovations in the automotive domain are realized by electronics and software. Modern cars have up to 100 Electronic Control Units (ECUs) that implement a variety of control applications in a distributed fashion. The tasks are mapped onto different ECUs, communicating via a heterogeneous network, comprising communication buses like CAN, FlexRay, and Ethernet. For electric vehicles, software functions play an essential role, replacing hydraulic and mechanic control systems. While model-based software development and verification are already used extensively in the automotive domain, their importance significantly increases in electric vehicles as safety-critical functions might no longer rely on mechanical (fall-back) solutions. The need for reducing costs, size, and weight in electric vehicles has also resulted in a considerable interest in topics such as the consolidation of ECUs as well as efficient implementation of control software. In this paper we discuss two broad issues related to model-based software development and verification in electric vehicles. The first is concerned with how to ensure that model-level semantics are preserved in an implementation, which has important implications on the verification and certification of control software. The second issue is related to techniques for reducing the computational and communication demands of distributed automotive control algorithms. For both these topics we provide a broad introduction to the problem followed by a discussion on state-of-the-art techniques.
Solving Parallel Equations with BALM-II, 2012
Formal Model of a Protocol Converter
Reuse of components is a burgeoning field in chip design. Shorter time to market and assured quality are just two good reasons to reuse previously engineered components. Problems arise however when chip designers need to interface these components as they typically conform to different standards, or no standards at all. The popular model of interfacing components such as protocols is via a ‘converter’ that translates data between the components. We develop a theoretical model of a converter that will enable two given arbitrary protocols to communicate. This model includes buffers. We formally define correctness conditions, and guarantee that the resulting converter satisfies these conditions. We also allow the designer to define his own (CTL) conditions. As well, we allow protocols to be nondeterministic, and we ensure only valid data is sent to the converter. The verification of the conditions is carried out by a model checker (not reported in this work). We have implemented our theoretical model and we present experimental results.