Title: Interface Theories With Component Reuse
Slide 1: Interface Theories With Component Reuse
Laurent Doyen (EPFL), Thomas Henzinger (EPFL), Barbara Jobstmann (EPFL), Tatjana Petrov (EPFL)
Slide 2: Outline
- Motivation
- Interface theories and component-based design
- New operator: component reuse
- Shared refinement: stateless interfaces
- Shared refinement: stateful interfaces
- Conclusions and future work
Slide 3: Interfaces
[Figure: two kinds of interface. A signature interface Odd(x)? with input x: int and output y: boolean. An assertional interface Divide with inputs x: int and y: int, y != 0, and output z: real.]
- analogy with type systems
- static checking at compile-time
- well-formed: usable in some environment
Slide 4: Interface Automaton
[Figure: the interface automaton Size2Buffer, a FIFO with inputs enq, deq and outputs E (empty) and F (full). States are labelled with output valuations such as EF, transitions carry guards over the inputs: (enq, deq), (!enq, !deq), (enq, !deq), (!enq, deq). In the empty state the assumption is !(deq, !enq) and the guarantee is (E, !F).]
Slide 5: Component-Based Design
[Figure: hierarchical decomposition of a design. Top-level interfaces I1 and I2 are decomposed into I11, I12, I13 and I21, I22; I11 is decomposed further into I111 and I112.]
Slide 6: Interface Theories
If A and B are compatible and A' ≼ A and B' ≼ B, then A' and B' are compatible and A' ∥ B' ≼ A ∥ B.
[Figure: the composition of A and B, with the refinements A' and B' substituted for A and B.]
Slide 7: Component-Based Design
[Figure: the hierarchy of slide 5 with an added reuse edge I22 ≼ I112: the existing component I22 refines I112 and can therefore be used as its implementation.]
Slide 8: Interface Theories
- Parallel composition and feedback, contravariant refinement relation
  -> independent implementability
  -> stepwise refinement
  (de Alfaro, Henzinger, 2001)
- Shared refinement
  -> greatest lower bound in the refinement lattice
  -> associativity
  -> distributivity
Slide 9: Stateless Interface
- Predicates over input and output variables: an assumption about the inputs and a guarantee over the outputs
- Well-formedness
  - Inputs and outputs disjoint
  - Assumption satisfiable
  - Guarantee satisfiable
[Figure: Divide with inputs x: int and y: int, y != 0 (the assumption), and output z: real (the guarantee).]
Slide 10: Parallel composition
[Figure: A has input x and output y, assumption even(x), guarantee y mod 3 = 0. B has input x and output z, assumption x > 0, guarantee z mod 4 = 0. The composition A ∥ B has input x and outputs y, z, with assumption even(x) ∧ (x > 0) and guarantee (y mod 3 = 0) ∧ (z mod 4 = 0).]
Slide 11: Parallel composition
[Figure: as on slide 10, but B now has assumption odd(x). The composed assumption even(x) ∧ odd(x) is FALSE while the guarantee stays (y mod 3 = 0) ∧ (z mod 4 = 0): INCOMPATIBLE!]
Slide 12: Connection
[Figure: interface A over variables x, y, z with guarantee TRUE. Connecting the output z to the input x yields A_c; its assumption over the remaining input y is obtained as ∀x,z. (TRUE ∧ (x = z)) → (assumption of A).]
Slide 13: Connection
[Figure: the connected interface A_c with input y and output z and guarantee TRUE. The derived assumption does not admit y: INCOMPATIBLE!]
Slide 14: Connection
[Figure: the same interface A, now connecting the output z to the input y, which yields A_d. Its assumption over the remaining input x is obtained as ∀y,z. (TRUE ∧ (y = z)) → (assumption of A), leaving a constraint on x.]
Slide 15: Connection
[Figure: the connected interface A_d with input x and output z and guarantee TRUE: INCOMPATIBLE!]
Slide 16: Refinement Relation
[Figure: A with assumption even(x) and guarantee even(y); B with assumption x: int (any integer) and guarantee y mod 4 = 0.]
B refines A.
Slide 17: Refinement Relation
[Figure: C with assumption even(x) and guarantee y mod 3 = 0; B with assumption x: int and guarantee y mod 4 = 0.]
An implementation must obey the output guarantee => B does not refine C.
Slide 18: Refinement Relation
[Figure: D with assumption even(x) and guarantee even(y); B with assumption odd(x) and guarantee y mod 4 = 0.]
An implementation must accept all permissible inputs => B does not refine D.
Slide 19: Shared refinement
[Figure: A with assumption even(x) and guarantee odd(y); B with assumption x > 0 and guarantee y mod 4 = 0. A ⊓ B has assumption even(x) OR x > 0 and guarantee odd(y) ∧ (y mod 4 = 0) = FALSE: NOT SHARED-REFINABLE!]
(A ⊓ B) can be used in any design as an implementation of A, and as an implementation of B.
Slide 20: Shared refinement Properties
Greatest lower bound in the refinement lattice, associativity, distributivity.
[Figure: A1 = (a1, g1) and A2 = (a2, g2); their shared refinement A1 ⊓ A2 has assumption a1 OR a2 and guarantee g1 ∧ g2.]
Associativity: (A ⊓ B) ⊓ C = A ⊓ (B ⊓ C)?
Distributivity: A ∥ (B ⊓ C) = (A ∥ B) ⊓ (A ∥ C)
Slide 21: Shared refinement Properties
Greatest lower bound in the refinement lattice
[Figure: A, B and a common refinement C with C ≼ A ⊓ B.]
For all C, if C ≼ A and C ≼ B then C ≼ A ⊓ B.
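The stateless definitions of slides 9 to 21 are small enough to execute. The following is an added example, not code from the slides or the paper: it represents an interface as an assumption predicate over inputs and a guarantee predicate over outputs, checks well-formedness by enumeration over a constructed finite domain (the slides use unbounded integers; the range -6..6 is an assumption that happens to cover every example), implements composition without connections (slides 10-11), refinement (slides 16-18) and shared refinement (slides 19-20), and re-derives each slide's verdict plus the greatest-lower-bound property of slide 21. The variable names x, y, z and the interface names A10, B16 and so on are this example's own labelling of the slides' figures.

```python
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, FrozenSet, Iterable, Optional

# Constructed finite domain for every variable: the slides use unbounded
# integers, but a small range is enough to check the examples by enumeration.
DOMAIN = range(-6, 7)

Valuation = Dict[str, int]
Pred = Callable[[Valuation], bool]


@dataclass(frozen=True)
class Interface:
    """Stateless interface: an assumption over inputs and a guarantee over outputs."""
    inputs: FrozenSet[str]
    outputs: FrozenSet[str]
    assumption: Pred
    guarantee: Pred


def valuations(names: Iterable[str]) -> Iterable[Valuation]:
    """All assignments of DOMAIN values to the given variable names."""
    names = sorted(names)
    for values in product(DOMAIN, repeat=len(names)):
        yield dict(zip(names, values))


def satisfiable(pred: Pred, names: Iterable[str]) -> bool:
    return any(pred(v) for v in valuations(names))


def well_formed(i: Interface) -> bool:
    """Slide 9: disjoint inputs/outputs, satisfiable assumption, satisfiable guarantee."""
    return (not (i.inputs & i.outputs)
            and satisfiable(i.assumption, i.inputs)
            and satisfiable(i.guarantee, i.outputs))


def compose(a: Interface, b: Interface) -> Optional[Interface]:
    """Slides 10-11: parallel composition without connections (shared inputs only).
    Assumptions and guarantees are conjoined; None means INCOMPATIBLE."""
    if a.outputs & b.outputs or a.inputs & b.outputs or b.inputs & a.outputs:
        raise ValueError("outputs must be distinct and unconnected in this example")
    ab = Interface(a.inputs | b.inputs, a.outputs | b.outputs,
                   lambda v: a.assumption(v) and b.assumption(v),
                   lambda v: a.guarantee(v) and b.guarantee(v))
    return ab if satisfiable(ab.assumption, ab.inputs) else None


def refines(b: Interface, a: Interface) -> bool:
    """Slides 16-18: B refines A iff B accepts every input A permits
    (a_A -> a_B) and B's outputs obey A's guarantee (g_B -> g_A)."""
    if b.inputs != a.inputs or b.outputs != a.outputs:
        return False
    accepts_all = all(b.assumption(v) for v in valuations(a.inputs) if a.assumption(v))
    obeys_outputs = all(a.guarantee(v) for v in valuations(a.outputs) if b.guarantee(v))
    return accepts_all and obeys_outputs


def shared_refinement(a: Interface, b: Interface) -> Optional[Interface]:
    """Slides 19-20: A ⊓ B = (a_A OR a_B, g_A AND g_B); None when the conjoined
    guarantee is unsatisfiable, i.e. A and B are NOT SHARED-REFINABLE."""
    if a.inputs != b.inputs or a.outputs != b.outputs:
        raise ValueError("shared refinement needs the same inputs and outputs")
    meet = Interface(a.inputs, a.outputs,
                     lambda v: a.assumption(v) or b.assumption(v),
                     lambda v: a.guarantee(v) and b.guarantee(v))
    return meet if well_formed(meet) else None


# The slides' examples, encoded over x (input) and y, z (outputs); names are ours.
X, Y, Z = frozenset({"x"}), frozenset({"y"}), frozenset({"z"})
def even(n): return n % 2 == 0
def odd(n): return n % 2 == 1

A10 = Interface(X, Y, lambda v: even(v["x"]), lambda v: v["y"] % 3 == 0)   # slide 10, A
B10 = Interface(X, Z, lambda v: v["x"] > 0, lambda v: v["z"] % 4 == 0)     # slide 10, B
B11 = Interface(X, Z, lambda v: odd(v["x"]), lambda v: v["z"] % 4 == 0)    # slide 11, B
A16 = Interface(X, Y, lambda v: even(v["x"]), lambda v: even(v["y"]))      # slides 16/18, A and D
B16 = Interface(X, Y, lambda v: True, lambda v: v["y"] % 4 == 0)           # slides 16-17, B
C17 = Interface(X, Y, lambda v: even(v["x"]), lambda v: v["y"] % 3 == 0)   # slide 17, C
B18 = Interface(X, Y, lambda v: odd(v["x"]), lambda v: v["y"] % 4 == 0)    # slide 18, B
A19 = Interface(X, Y, lambda v: even(v["x"]), lambda v: odd(v["y"]))       # slide 19, A
B19 = Interface(X, Y, lambda v: v["x"] > 0, lambda v: v["y"] % 4 == 0)     # slide 19, B


def slide_examples() -> Dict[str, bool]:
    """Re-derive each slide's verdict; the last entry is the lower-bound check of slide 21."""
    meet = shared_refinement(A16, B16)
    return {
        "slide10_compatible": compose(A10, B10) is not None,
        "slide11_compatible": compose(A10, B11) is not None,
        "slide16_B_refines_A": refines(B16, A16),
        "slide17_B_refines_C": refines(B16, C17),
        "slide18_B_refines_D": refines(B18, A16),
        "slide19_shared_refinable": shared_refinement(A19, B19) is not None,
        "slide21_meet_below_both": meet is not None and refines(meet, A16) and refines(meet, B16),
    }


if __name__ == "__main__":
    for name, verdict in slide_examples().items():
        print(f"{name}: {verdict}")
```

Enumeration is only viable because the domain is tiny; for real integer-valued interfaces the same three checks (satisfiability, implication between assumptions, implication between guarantees) would be discharged by an SMT solver, which is exactly what the "automatic checker for shared refinability" of slide 36 would need.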
Slide 22: Shared refinement Properties
Associativity
[Figure: components A1, B1, B2 and A3 combined as A1 ⊓ B1 ⊓ B2 ⊓ A3; by associativity no bracketing is needed.]
Slide 23: Stateful Interface
[Figure: the Size2Buffer interface automaton of slide 4 (inputs enq, deq; outputs E, F; assumption !(deq, !enq) and guarantee (E, !F) in the empty state).]
Slide 24: Interface Theories
- Define
  - a refinement relation
  - a composition of interfaces
- so that the following is ensured:
  - If A and B are compatible and A' ≼ A and B' ≼ B, then A' and B' are compatible and A' ∥ B' ≼ A ∥ B. (de Alfaro, Henzinger, 2001)
Slide 25: Stateful Interface
- Well-formedness
  - Satisfiable assumption in each state (non-stopping)
  - Satisfiable guarantee in each state
  - Deterministic
[Figure: the Size2Buffer interface automaton of slide 4.]
Slide 26: Stateful Interfaces Refinement
- Alternating refinement (alternating simulation), Alur, Henzinger, Kupferman, Vardi, 1998
- N refines M if there exists a relation R between the states such that, whenever (p, q) is in R:
  - a(p) → a(q)
  - g(q) → g(p)
  - a(p) ∧ g(q) ∧ (p → p') ∧ (q → q') implies (p', q') in R
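To make the three conditions of slide 26 concrete, here is an added example (not code from the slides or the paper) that computes the alternating simulation relation as a greatest fixpoint over a finite, deterministic interface automaton of the kind slide 25 describes. Per state, the assumption is the set of permitted input symbols and the guarantee the set of outputs the component may produce; this is a simplification of the slides' (enq, deq) guards, with one input symbol per step (enq, deq or idle) and one status output (E empty, N neither, F full). The buffers size2buffer, tolerant_buffer and lossy_buffer are constructed for this example in the spirit of Size2Buffer and SlowBuffer; they are not the automata drawn on slides 4 and 28.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Hashable, Set, Tuple

State = Hashable
Label = str
Rel = Set[Tuple[State, State]]


@dataclass(frozen=True)
class StatefulInterface:
    """Deterministic interface automaton. In each state the assumption is the set
    of permitted input symbols and the guarantee the set of outputs the component
    may produce; delta maps (state, input, output) to the successor state."""
    initial: State
    assumption: Dict[State, FrozenSet[Label]]
    guarantee: Dict[State, FrozenSet[Label]]
    delta: Dict[Tuple[State, Label, Label], State]

    def well_formed(self) -> bool:
        """Slide 25: non-empty assumption and guarantee in every state (non-stopping)
        and a successor for every permitted (input, output) pair; delta is a dict,
        so the automaton is deterministic by construction."""
        return all(self.assumption[p] and self.guarantee[p]
                   and all((p, i, o) in self.delta
                           for i in self.assumption[p] for o in self.guarantee[p])
                   for p in self.assumption)


def _successors_in(rel: Rel, n: StatefulInterface, m: StatefulInterface,
                   q: State, p: State) -> bool:
    # Third condition of slide 26: for every input M permits in p and every output
    # N may produce in q, the joint successors must again be related.
    return all((n.delta[(q, i, o)], m.delta[(p, i, o)]) in rel
               for i in m.assumption[p] for o in n.guarantee[q])


def alternating_simulation(n: StatefulInterface, m: StatefulInterface) -> Rel:
    """Greatest relation of pairs (q, p), q a state of N and p a state of M, with
    a(p) -> a(q), g(q) -> g(p), and all joint successors related (slide 26).
    Start from the locally consistent pairs and discard pairs until stable."""
    assert n.well_formed() and m.well_formed()
    rel: Rel = {(q, p) for q in n.assumption for p in m.assumption
                if m.assumption[p] <= n.assumption[q] and n.guarantee[q] <= m.guarantee[p]}
    while True:
        bad = {(q, p) for (q, p) in rel if not _successors_in(rel, n, m, q, p)}
        if not bad:
            return rel
        rel -= bad


def refines(n: StatefulInterface, m: StatefulInterface) -> bool:
    """N refines M iff the initial states are related."""
    return (n.initial, m.initial) in alternating_simulation(n, m)


# Constructed buffers (this example's own, not the slides' automata).
def size2buffer() -> StatefulInterface:
    a = {0: frozenset({"enq", "idle"}), 1: frozenset({"enq", "deq", "idle"}),
         2: frozenset({"deq", "idle"})}
    g = {0: frozenset({"E"}), 1: frozenset({"N"}), 2: frozenset({"F"})}
    d = {(0, "enq", "E"): 1, (0, "idle", "E"): 0,
         (1, "enq", "N"): 2, (1, "deq", "N"): 0, (1, "idle", "N"): 1,
         (2, "deq", "F"): 1, (2, "idle", "F"): 2}
    return StatefulInterface(0, a, g, d)


def tolerant_buffer() -> StatefulInterface:
    """Like size2buffer but also accepts (and ignores) deq when empty: a weaker
    assumption with the same guarantees, so it refines size2buffer."""
    b = size2buffer()
    a = dict(b.assumption); a[0] = a[0] | {"deq"}
    d = dict(b.delta); d[(0, "deq", "E")] = 0
    return StatefulInterface(0, a, b.guarantee, d)


def lossy_buffer() -> StatefulInterface:
    """Same states and labels as size2buffer, but enq in state 1 drops the item and
    stays in state 1. Every state is locally consistent with size2buffer, yet the
    successor condition fails, so it does not refine size2buffer."""
    b = size2buffer()
    d = dict(b.delta); d[(1, "enq", "N")] = 1
    return StatefulInterface(0, b.assumption, b.guarantee, d)


if __name__ == "__main__":
    print("tolerant refines size2:", refines(tolerant_buffer(), size2buffer()))
    print("size2 refines tolerant:", refines(size2buffer(), tolerant_buffer()))
    print("lossy refines size2:", refines(lossy_buffer(), size2buffer()))
```

The lossy buffer is the instructive case: its states all pass the two local conditions (same assumptions, same guarantees as size2buffer), and only the fixpoint iteration, which discards (1, 1) because its enq successor pair (1, 2) mismatches on the guarantee and then unravels (0, 0), exposes that it is not a refinement. The relation is also directional: size2buffer does not refine tolerant_buffer because it rejects deq in the empty state.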
Slide 27: Stateful Interfaces Refinement
[Figure: an interface automaton A with states p1, p2, p3 and a refinement with states q1, q2, q3. Each state is annotated with its input assumption (x even or x int) and output guarantee (y int or y odd); the simulation relates q1 to p1, q2 to p2 and q3 to p3.]
Slide 28: Stateful Interfaces Refinement
[Figure: SlowBuffer, a two-state automaton with transitions labelled (!enq, !deq) and "enq or deq" and guarantee T in both states, next to the Size2Buffer automaton of slide 4.]
Slide 29: Shared Refinement
[Figure: the design hierarchy of slide 5 in which one component is SlowBuffer and another is Size2Buffer; both are implemented by the single shared refinement Size2Buffer ⊓ SlowBuffer.]
Slide 30: Stateful Interface
[Figure: the automaton for Size2Buffer ⊓ SlowBuffer. Transitions are labelled with input guards written as e/d for enq/deq, e.g. !e!d, e!d, !ed, ed (with the SlowBuffer guards e!d, !ed, ed collected on one transition and guarantee T); states carry the E/F outputs.]
Slide 31: Shared refinement Properties
Greatest lower bound in the refinement lattice, associativity, distributivity.
Associativity: (A ⊓ B) ⊓ C = A ⊓ (B ⊓ C)?
Distributivity: A ∥ (B ⊓ C) = (A ∥ B) ⊓ (A ∥ C)
Slide 32: Shared refinement Properties
Distributivity: A ∥ (B ⊓ C) = (A ∥ B) ⊓ (A ∥ C)
[Figure: A composed with B and A composed with C, then combined as (A ∥ B) ⊓ (A ∥ C).]
Slide 33: Shared refinement Properties
Distributivity: A ∥ (B ⊓ C) = (A ∥ B) ⊓ (A ∥ C)
[Figure: on the left, (A ∥ B) ⊓ (A ∥ C) as on slide 32; on the right, A composed with the single component B ⊓ C, i.e. A ∥ (B ⊓ C).]
Slide 34: View points
[Figure: separate view points of one component, Timing T and Power P, combined with F as the shared refinement F ⊓ T ⊓ P.]
Slide 35: Conclusions
- We extended the existing theory
- Possible applications
  - Implementation of view-points
  - Refactoring of systems
  - Use of standard components
Slide 36: Future Work
- Implementation of an automatic checker for shared refinability
- Asynchronous case
- Relationship to modal interfaces (Benveniste et al., Residual for Component Specifications, 2007)