Interface Theories With Component Reuse

1
Interface Theories With Component Reuse
Laurent Doyen EPFL Thomas Henzinger EPFL Barbar
a Jobstmann EPFL Tatjana Petrov EPFL
2
Outline

• Motivation
• Interface theories and component-based design
• New operator component reuse
• Shared refinement Stateless Interfaces
• Shared refinement Stateful Interfaces
• Conclusions and future work

2
3
Interfaces
Odd(x)?
x int
y boolean
? Signature
Divide
x int
? Assertional
z real
y int, y!0

• analogy with type systems
• static checking at compile-time
• well-formed usable in some environment

3
4
Interface Automaton
FIFO
enq
deq
E
F
Size2Buffer
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq ,!deq)
(enq, !deq)
EF
EF
EF
(enq ,deq)
(!enq, deq)
Transition guards
Assumption !(deq, !enq) Guarantee
(E,!F)
4
5
Component-Based Design
I1
I2

I1
I12
I2
I11
I21
I22
I13
I11
I112
I111
5
6
Interface Theories
If A and B are compatible and A' ? A and
B' ? B, then A and B' are compatible and A'B'
? AB.
A
B

A
B
6
7
Component-Based Design
I1
I2

I1
I12
I2
I11
I21
I22
I13
I11
I112
I22 ? I112
I111
7
8
Interface Theories

• Parallel composition and feedback, Contravariant
  refinement relation
• gt independent implementiability
• gt stepwise refinement
• de Alfaro,
  Henzinger, 2001
• Shared refinement
• gt greatest lower bound in the refinement
  lattice
• gt associativity
• gt distributivity

8
9
Stateless Interface

• Predicates over input and output variables
• Wellformedness
• Inputs and outputs disjoint
• Assumption satisfiable
• Guarantee satisfiable

Guarantee over outputs
Assumption about inputs
Divide
x int
z real
y int, y!0
9
10
Parallel composition
A
y mod 3 0
even(x)
B
z mod 4 0
x gt 0
AB
A
y
even(x) (xgt0)
y mod 3 0 z mod 4 0
x
B
z
10
11
Parallel composition
A
y mod 3 0
even(x)
B
z mod 4 0
odd(x)
INCOMPATIBLE !
AB
A
y
y mod 3 0 z mod 4 0
x
FALSE
B
z
11
12
Connection
A
x
z
y
x0 gt y0
TRUE
Ac
x
z
y
forall x,z. (TRUE (xz)) gt (x0 gt y0)
TRUE (xz)
y0
12
13
Connection
Ac
z
y 0
TRUE
INCOMPATIBLE !
13
14
Connection
A
x
z
y
TRUE
x0 gt y0
Ad
x
z
y
forall y,z. (TRUE (yz)) gt (x0 gt y0)
TRUE (yz)
x ? 0
14
15
Connection
Ad
x
z
x ? 0
TRUE
INCOMPATIBLE !
15
16
Refinement Relation
A
even(y)
even(x)
B
y mod 4 0
x int
B refines A
16
17
Refinement Relation
C
y mod 3 0
even(x)
B
y mod 4 0
x int
Implementation must obey output guarantee ? B
does not refine C
17
18
Refinement Relation
D
even(y)
even(x)
B
y mod 4 0
odd(x)
Implementation must accept all permissible
inputs ? B does not refine D
18
19
Shared refinement
A
odd(y)
even(x)
even(x) OR xgt0
A ? B
FALSE
NOT SHARED-REFINABLE !
B
y mod 4 0
xgt0
(A ? B) can be used in any design as an
implementation of A, and as an implementation of
B
19
20
Shared refinement Properties
Greatest lower bound in the refinement
lattice Associativity Distributivity
A1
A2
a1
g1
a2
g2
A1 ? A2
a1 OR a2
g1 g2
A1 x A2
(A ? B) ? C A ? (B ? C)?
A (B ? C) (A C) ? (A C)
A ? (B C) (A ? C) (A ? C)
20
21
Shared refinement Properties
Greatest lower bound in the refinement
lattice
A3
B
A
C A ? B
for all C, if C A and C B then C A ? B
21
22
Shared refinement Properties
Associativity
A3
A1
B2
B1
A1 ? B1 ? B2 ? A3
23
Stateful Interface
FIFO
enq
deq
E
F
Size2Buffer
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq ,!deq)
(enq, !deq)
EF
EF
EF
(enq ,deq)
(!enq, deq)
Transition guards
Assumption !(deq, !enq) Guarantee
(E,!F)
24
Interface Theories

• Define
• Refinement relation
• Composition of interfaces
• so that
• Ensure
• If A and B is are compatible and A' ? A and B' ?
  B, then A and B' are compatible and A'B' ?
  AB.
• de Alfaro, Henzinger, 2001

24
25
Stateful Interface

• Wellformedness
• Satisfiable assumption in each state
  non-stopping
• Satisfiable guarantee in each state
• Deterministic

Size2Buffer
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq ,!deq)
(enq, !deq)
EF
EF
EF
(enq ,deq)
(!enq, deq)
25
26
Stateful Interfaces Refinement

• Alternating refinement simulation
• Alur, Henzinger, Kupferman, Vardi, 1998
• N refines M if there exists a relation R between
  the states such that (p,q) is in R when
• a(p) gt a(q)?
• g(q) gt g(p)?
• a(p) g(q) (p ? p) (q ? q) gt
  (p,q) in R

26
27
Stateful Interfaces Refinement
p1
x even
A
y int
x int
y int
q1 p1
q1
x int
y odd
p2
p3
x int
x even
y int
y odd
q3 p3
q2 p2
q2
q3
x even
x int
y odd
y int
28
Stateful Interfaces Refinement
SlowBuffer
(!enq ,!deq)
enq or deq
T
T
(!enq ,!deq)
Size2Buffer
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq,deq), (!enq, !deq)
(enq ,!deq)
(enq, !deq)
EF
EF
EF
(enq ,deq)
(!enq, deq)
28
29
Shared Refinement
I1
I2

I1
I12
I2
I11
I21
SlowBuffer
I13
I11
Size2Buffer
Size2Buffer ? SlowBuffer
I111
29
30
Stateful Interface
!e!d
e!d,!ed,ed
T
T
e!d
!e!d
!e!d
!e!d

!ed
!e!d
!ed
EF
EF
EF
e!d
!ed
Size2Buffer ? SlowBuffer
ed
!e!d
ed
e!d
!e!d
!e!d
ed
EF
EF
EF
!ed
!ed
ed
!ed
!ed
ed
ed
e!d
e!d
EF
EF
EF
!ed
!ed
30
31
Shared refinement Properties
Greatest lower bound in the refinement lattice
Associativity Distributivity
(A ? B) ? C A ? (B ? C)?
A (B ? C) (A C) ? (A C)
(A ? C) (A ? C) A ? (B C)
31
32
Shared refinement Properties
Distributivity
A (B ? C) (A C) ? (A C)
A
B
A
C
(AB) ? (AC)
32
33
Shared refinement Properties
Distributivity
A (B ? C) (A C) ? (A C)
A
B
A
C
(AB) ? (AC)
A
B ? C
A (B ? C)
33
34
View points
Timing T
Power P

• Functional
• F

F ? T ? P
34
35
Conclusions

• We extended the existing theory
• Possible Applications
• Implementation of view-points
• Refactoring of systems
• Use of standard components

35
36
Future Work

• Implementation of an automatic checker for shared
  refinability
• Asynchronous case
• Relationship to modal interfaces
• Benveniste et al. Residual for
  Component
  Specifications, 2007

36