SUPPORTING COMPONENT-BASED DEVELOPMENT - Frames for the Specification of Component Behaviours

Frames for the Specification of Component Behaviours

3. SUPPORTING COMPONENT-BASED DEVELOPMENT

which are applicable to the given finite-state control automata (frames) or, for instance, symbolic approaches such as the QDD approach described in Chap. 5.2

Once weak (ultra-weak) comm-safety is established for an assembly of component frames with synchronous or asynchronous connectors, Prop. 6.5 allows to conclude weak (ultra-weak) comm-safety for the implementation of the system as long as components are correctly implemented. Remember that our implementation relation (cf. Def. 6.2) is independent from the particular kind of connectors and hence works for systems with both, synchronous and asynchronous communication. Moreover it is important to note that this holds for all behaviours which are correct w.r.t. the frame of a given component. For example using an implementation of the component GZip with a behaviour that neither

sendscontnorstopis perfectly acceptable with regard tofrm(GZip)in Fig. 6.2d, and the

composition of the system on behavioural level is still comm-safe due to comm-safety on the frame level of the system.

3. Supporting Component-Based Development

In this section we show that our approach indeed supports characteristic features of component-based development. First, we examine support for top-down and bottom-up design approaches.

3.1. Top-Down and Bottom-Up Design. Top-down design decomposes a single specification into a number of separated specifications whose composition is either equivalent or a refinement of the original global specification. Then, if we use implementations for the composition’s parts, we are allowed to conclude that the composition of the implementations is a valid implementation of the original single specification. Bottom-up approaches start with detailed single components which are composed to create an implementation of some given specification. Under the assumption of correct component implementations our approach supports both, top-down and bottom-up approaches to component-based design. Theorem 6.8(Bottom-up) Leta∈Asmsuch that for allc:C∈cmps(a),beh(c:C)∈ [[frm(c:C)]]. LetHB=S

{lB|lB∈Tfrm(a)}. Thenbeh(a)\HBvgbfrm(a)\HBand

beh(a)_vbbfrm(_a)_.

PROOF. The first claim holds by Lem. 6.7 and then,beh(a)_vbbfrm(_a)_{follows from} Prop. 4.43 (1) and the invariance of blackbox refinement w.r.t. hiding of internal labels

(cf. Lem. 4.5).

Theorem 6.9 (Top-down) Let C ∈ Cmpand let a ∈ Asmsuch that for all d:D ∈ cmps(a),beh(d:D)_∈[[frm(d:D)]]. Iffrm(a)_vbbfrm(_C)_thenbeh(_a)

∈[[frm(C)]]. PROOF. By Thm. 6.8, transitivity of blackbox refinement, and Def. 6.2 of correct

implementations.

Example 6.10 (Top-down/Bottom-up) The compressing proxy system above was devel- oped using a mixture of top-down and bottom-up steps. Given the frame of the compressing proxy component, we seeked to identify existing components whose behaviour composition can be used to implement the given component. Thus, the first design step followed a bottom-up approach. Once appropriate components had been identified withGZipand

GifToJpg, however, the direction switched and we considered their frame specifications and

designed an adaptor component, aiming at establishing blackbox refinement between the composition of the frame specifications of all three components and the frame specification as given for the compressing proxy component.

108 6. FRAMES FOR THE SPECIFICATION OF COMPONENT BEHAVIOURS

3.2. Evolution in Hierarchical Systems. Besides the general support of component- based design approaches, any formal component model should also support modular sub- stitutability based on its refinement and implementation relations. We consider the notion of “component-wise evolution” [dAH01b]. Evolution aims at replacing an implementation without changing the frame of the original component. In this case it should suffice to check only correctness w.r.t. the frame of the original component in order to conclude the correctness of an evolved assembly. For the presentation of subsequent claims we will use the notations for type substitution in assemblies and composite components defined in Chap. 2 (Def. 2.22/2.23).

Proposition 6.11(Evolution) LetCC _∈ CCmp. Letc:C _∈ cmps(asm(CC))and let

∈ Cmpwith ports(C) = ports(C0₎_{. If}_beh₍_CC₎

∈ [[frm(CC)]]and beh(C0₎ ∈ [[frm(C)]]thenbeh(CC[c:C_7→C0_])

∈[[frm(CC)]].

PROOF. By Def. 6.2 of correct implementations we havepio(beh(C0))_vbbfrm(_C)_. By Prop. 4.10 it follows thatpio(beh(asm(CC)[c:C7→C0]))_vbbpio(beh(asm(CC)))_. Now, the claim follows by transitivity of blackbox refinement (cf. Prop. 4.8) and the defi-

nition of correct implementations.

Example 6.12(Evolution) Replacing the componentGZipby a different component, say

GZip’ which does not send stop messages is still correct w.r.t. frm(GZip) in 6.2d, i.e.

beh(GZip0) _∈ [[frm(GZip)]]and thus, by Prop. 6.11, we may replaceGZipby GZip’and still have a correct implementation offrm(CompressingProxy).

The following proposition shows the support of evolution for hierarchical component- based systems of depth two.3_{The proposition can be used to show support of evolution in}

arbitrary hierarchical systems by induction on the depth of the hierarchy.

Proposition 6.13(Hierarchy) LetCCT _∈CCmpsuch thatbeh(CC)_∈[[frm(CC)]]and letcc : CC _∈ cmps(asm(CCT)). Letc : C _∈ cmps(asm(CC))andC0

∈Cmpwith

ports(C) =ports(C0₎_{. If}_beh₍_C0₎

∈[[frm(C)]], then

beh(CCT_[_cc_:_CC

7→CC0])∈[[frm(CCT)]], whereCC0=CC[c:C7→C0]_.

PROOF. Using Prop. 6.11 we conclude from beh(C0₎

∈ [[frm(C)]] that CC0 _with CC0 ₌ _CC_[_c _: _C

7→ C0_] _{is still correct, that is} _beh₍_CC0₎

∈ [[frm(CC)]]. Now, for

cc:CC _∈ cmps(asm(CCT))it follows again by Prop. 6.11 thatbeh(CCT[cc:CC _7→

CC0_])

∈[[frm(CCT)]].

3.3. Weak- and Ultra-Weak Communication-Safety. So far we have discussed general support for top-down and bottom-up design approaches as well as general support for evolving (hierarchical) systems. Next we show that frame analysis for ultra-weak comm- safety carries over to frame refinements in top-down design approaches. Moreover, ultra- weak comm-safety is preserved under substitution of correct component behaviours for evolving (hierarchical) systems. The succeeding claims also hold for weak comm-safety. Strong compatibility, however, is not preserved by blackbox-refinement and hence strong comm-safety does not carry over. In order to get analogous results for strong comm-safety, a strong refinement relation must be applied that does not allow for the insertion and re- moval of internal transitions.

Proposition 6.14 (Comm-safe top-down design) Leta ∈ asmsuch that for alld:D ∈ cmps(a),beh(d:D)_∈[[frm(d:D)]]. Letc:C_∈cmps(asm(a))and letC0

∈Cmpwith

3_{The statement is similar to the claim on behaviour preservation for arbitrary nested hierarchies in the context}

of behaviour protocols [PV02, Thm. 3.4.4] (behaviour protocols are used as a formal model for component behaviours in SOFA).

3. SUPPORTING COMPONENT-BASED DEVELOPMENT 109

In document Janisch, Stephan (2010): Behaviour and Refinement of Port-Based Components with Synchronous and Asynchronous Communication. Dissertation, LMU München: Fakultät für Mathematik, Informatik und Statistik (Page 115-117)