![Page 1: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/1.jpg)
Modeling and Verificationof Components and Connectors
Christel BaierTechnische Universitat Dresden
joint work with Tobias BlechmannJoachim KleinSascha Kluppelholz
1 / 338
![Page 2: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/2.jpg)
Components and connectors 010
connectorconnectorconnector
C2C2C2
C3C3C3C1C1C1
C4C4C4
coordination provided by a component connector
2 / 338
![Page 3: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/3.jpg)
Components and connectors 010
connectorconnectorconnector
C2C2C2
C3C3C3C1C1C1
C4C4C4
coordination provided by a component connector
••• glue clode: orchestrates the interactionsof possibly heterogenous components
• synchronous and asynchronous communication,possibly data-dependent
3 / 338
![Page 4: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/4.jpg)
Components and connectors 011
connectorconnectorconnector
Server1Server1Server1
Server2Server2Server2
Server3Server3Server3
ResourceResourceResource
example: connector for orchestrating the interactionsof multiple servers and shared resources
4 / 338
![Page 5: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/5.jpg)
Components and connectors 012
connectorconnectorconnector
ClientClientClientFlightFlightFlight
ReservationReservationReservation
ConcertConcertConcertReservationReservationReservation
HotelHotelHotelReservationReservationReservation
example: orchestrating multiple webservices:
“only book flight and hotel if booking of theconcert ticket is successfull”
5 / 338
![Page 6: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/6.jpg)
Components and connectors 013
C2C2C2
C3C3C3C1C1C1
C4C4C4
here: coordination arises from combinationbasic channels forming a network
6 / 338
![Page 7: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/7.jpg)
Components and connectors 013
C2C2C2
C3C3C3C1C1C1
C4C4C4
modeling approach for components and connectors,relying on
• calculus of channels
• operational LTS-likesemantics
7 / 338
![Page 8: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/8.jpg)
Components and connectors 013
C2C2C2
C3C3C3C1C1C1
C4C4C4
modeling approach for components and connectors,relying on
• calculus of channels ←−←−←− Reo
• operational LTS-likesemantics
8 / 338
![Page 9: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/9.jpg)
Components and connectors 013
C2C2C2
C3C3C3C1C1C1
C4C4C4
modeling approach for components and connectors,relying on
• calculus of channels ←−←−←− Reo
• operational LTS-likesemantics ←−←−←− constraint automata
9 / 338
![Page 10: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/10.jpg)
Model checking 020
requirements
specificationSPEC
abstract systemmodelMMM
model checker“doesMMM satisfy SPEC ?”
“no” +++ counterexample “yes” +++ witness10 / 338
![Page 11: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/11.jpg)
Model checking components and connectors 020
requirements
specificationSPEC
constraint automatonMMM = C1‖. . .‖Cn= C1‖. . .‖Cn= C1‖. . .‖Cn
model checker“doesMMM satisfy SPEC ?”
componentinterfaces
(CA)
“no” +++ counterexample “yes” +++ witness
compositional
11 / 338
![Page 12: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/12.jpg)
Model checking components and connectors 020
requirements
specificationSPEC
constraint automatonMMM = C1‖. . .‖Cn= C1‖. . .‖Cn= C1‖. . .‖Cn ‖R‖R‖R
model checker“doesMMM satisfy SPEC ?”
componentinterfaces
(CA)
Reo connector“glue code”
“no” +++ counterexample “yes” +++ witness
compositional
12 / 338
![Page 13: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/13.jpg)
Model checking components and connectors 020
requirements
formula of sometemporal logic
constraint automatonMMM = C1‖. . .‖Cn= C1‖. . .‖Cn= C1‖. . .‖Cn ‖R‖R‖R
model checker“doesMMM satisfy SPEC ?”
componentinterfaces
(CA)
Reo connector“glue code”
“no” +++ counterexample “yes” +++ witness
compositional
13 / 338
![Page 14: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/14.jpg)
Overview 031
1 Modelling components and connectors
constraint automata (CA)coordination language Reo
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic
3 Synthesis of connectors
14 / 338
![Page 15: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/15.jpg)
Overview mca
1 Modelling components and connectors
constraint automata (CA) ←−←−←−coordination language Reo
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic
3 Synthesis of connectors
15 / 338
![Page 16: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/16.jpg)
Constraint automaton (CA) 210
an LTS-like automata model for
• component interfaces C1, . . . ,CnC1, . . . ,CnC1, . . . ,Cn
• glue code, i.e., Reo network of channels RRR• composite system C1‖. . .‖Cn‖RC1‖. . .‖Cn‖RC1‖. . .‖Cn‖R
16 / 338
![Page 17: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/17.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
17 / 338
![Page 18: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/18.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
• QQQ is the state space
18 / 338
![Page 19: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/19.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
• QQQ is the state space
• Q0 ⊆ QQ0 ⊆ QQ0 ⊆ Q the set of initial states
19 / 338
![Page 20: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/20.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
• QQQ is the state space
• Q0 ⊆ QQ0 ⊆ QQ0 ⊆ Q the set of initial states
• NNN is the set of port or node names
20 / 338
![Page 21: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/21.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
• QQQ is the state space
• Q0 ⊆ QQ0 ⊆ QQ0 ⊆ Q the set of initial states
• NNN is the set of port or node names���NinNinNin and NoutNoutNout are disjoint subsets of NNN ,
specifying I/O-ports of a component or connector
21 / 338
![Page 22: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/22.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
• QQQ is the state space
• Q0 ⊆ QQ0 ⊆ QQ0 ⊆ Q the set of initial states
• NNN is the set of port or node names
• transition relation −→⊆ Q × 2N × DC × Q−→⊆ Q × 2N × DC × Q−→⊆ Q × 2N × DC × Q
22 / 338
![Page 23: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/23.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
• QQQ is the state space
• Q0 ⊆ QQ0 ⊆ QQ0 ⊆ Q the set of initial states
• NNN is the set of port or node names
• transition relation −→⊆ Q × 2N × DC × Q−→⊆ Q × 2N × DC × Q−→⊆ Q × 2N × DC × Q
transitions have the form qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ where
q, q′ ∈ Qq, q′ ∈ Qq, q′ ∈ Q are states,N ⊆ NN ⊆ NN ⊆ N set of active ports
23 / 338
![Page 24: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/24.jpg)
Constraint automaton (CA) 210
A constraint automaton is a tuple A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)
• QQQ is the state space
• Q0 ⊆ QQ0 ⊆ QQ0 ⊆ Q the set of initial states
• NNN is the set of port or node names
• transition relation −→⊆ Q × 2N × DC × Q−→⊆ Q × 2N × DC × Q−→⊆ Q × 2N × DC × Q
transitions have the form qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ where
q, q′ ∈ Qq, q′ ∈ Qq, q′ ∈ Q are states,N ⊆ NN ⊆ NN ⊆ N set of active portsg ∈ DC (N)g ∈ DC (N)g ∈ DC (N) data constraint for the data items
sent or received at the active ports24 / 338
![Page 25: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/25.jpg)
Data constraints 220
Boolean conditions on the sent or received data itemsat the I/O-ports of components or nodes of the network
25 / 338
![Page 26: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/26.jpg)
Data constraints 220
Boolean conditions on the sent or received data itemsat the I/O-ports of components or nodes of the network
g ::=g ::=g ::= dA = ddA = ddA = d∣∣∣∣∣∣ dA = dBdA = dBdA = dB
∣∣∣∣∣∣ g1 ∨ g2g1 ∨ g2g1 ∨ g2∣∣∣∣∣∣ ¬g¬g¬g
finite, global data domain DataDataData
26 / 338
![Page 27: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/27.jpg)
Data constraints 220
Boolean conditions on the sent or received data itemsat the I/O-ports of components or nodes of the network
g ::=g ::=g ::= dA = ddA = ddA = d∣∣∣∣∣∣ dA = dBdA = dBdA = dB
∣∣∣∣∣∣ g1 ∨ g2g1 ∨ g2g1 ∨ g2∣∣∣∣∣∣ ¬g¬g¬g���
data value at port AAAequals d ∈ Datad ∈ Datad ∈ Data
finite, global data domain DataDataData
27 / 338
![Page 28: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/28.jpg)
Data constraints 220
Boolean conditions on the sent or received data itemsat the I/O-ports of components or nodes of the network
g ::=g ::=g ::= dA = ddA = ddA = d∣∣∣∣∣∣ dA = dBdA = dBdA = dB
∣∣∣∣∣∣ g1 ∨ g2g1 ∨ g2g1 ∨ g2∣∣∣∣∣∣ ¬g¬g¬g��� ���
data value at port AAAequals d ∈ Datad ∈ Datad ∈ Data
data values at portsAAA and BBB agree
finite, global data domain DataDataData
28 / 338
![Page 29: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/29.jpg)
Executions in constraint automata 240
29 / 338
![Page 30: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/30.jpg)
Executions in constraint automata 240
sequence of transitions in CA
q0N1, g1−−−−→ q1
N2, g2−−−−→ q2N3, g3−−−−→ . . .q0
N1, g1−−−−→ q1N2, g2−−−−→ q2
N3, g3−−−−→ . . .q0N1, g1−−−−→ q1
N2, g2−−−−→ q2N3, g3−−−−→ . . .
induces a set of executions
η = q0c1−→ q1
c2−→ q2c3−→ . . .η = q0
c1−→ q1c2−→ q2
c3−→ . . .η = q0c1−→ q1
c2−→ q2c3−→ . . .
where c1, c2, c3, . . .c1, c2, c3, . . .c1, c2, c3, . . . are concurrent I/O operations
30 / 338
![Page 31: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/31.jpg)
Executions in constraint automata 240
sequence of transitions in CA
q0N1, g1−−−−→ q1
N2, g2−−−−→ q2N3, g3−−−−→ . . .q0
N1, g1−−−−→ q1N2, g2−−−−→ q2
N3, g3−−−−→ . . .q0N1, g1−−−−→ q1
N2, g2−−−−→ q2N3, g3−−−−→ . . .
induces a set of executions
η = q0c1−→ q1
c2−→ q2c3−→ . . .η = q0
c1−→ q1c2−→ q2
c3−→ . . .η = q0c1−→ q1
c2−→ q2c3−→ . . .
where c1, c2, c3, . . .c1, c2, c3, . . .c1, c2, c3, . . . are concurrent I/O operations���simultaneous
send/receive operationsat the active ports
31 / 338
![Page 32: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/32.jpg)
Executions in constraint automata 240
sequence of transitions in CA
q0N1, g1−−−−→ q1
N2, g2−−−−→ q2N3, g3−−−−→ . . .q0
N1, g1−−−−→ q1N2, g2−−−−→ q2
N3, g3−−−−→ . . .q0N1, g1−−−−→ q1
N2, g2−−−−→ q2N3, g3−−−−→ . . .
induces a set of executions
η = q0c1−→ q1
c2−→ q2c3−→ . . .η = q0
c1−→ q1c2−→ q2
c3−→ . . .η = q0c1−→ q1
c2−→ q2c3−→ . . .
where c1, c2, c3, . . .c1, c2, c3, . . .c1, c2, c3, . . . are concurrent I/O operations
ci : Ni → Dataci : Ni → Dataci : Ni → Data is a data assignment with ci |= gici |= gici |= gi
assigns to each port A ∈ NiA ∈ NiA ∈ Ni the data itemsent or received at AAA
32 / 338
![Page 33: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/33.jpg)
Example: elevator system 250
33 / 338
![Page 34: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/34.jpg)
Example: elevator system 250
UpUpUp
DownDownDown
LevelLevelLevel
UpUpUp
DownDownDown
LevelLevelLevel
FromFromFrom
ToToTo
FromFromFrom
ToToTo
34 / 338
![Page 35: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/35.jpg)
Example: CA for elevator component 255
UpUpUp
DownDownDown
LevelLevelLevel
UpUpUp
DownDownDown
LevelLevelLevel
FromFromFrom
ToToTo
FromFromFrom
ToToTo
port set N = {Up,Down, Level}N = {Up,Down, Level}N = {Up,Down, Level}Nin = {Up,Down}Nin = {Up,Down}Nin = {Up,Down}, Nout = {Level}Nout = {Level}Nout = {Level}Data = {1, 2, 3}Data = {1, 2, 3}Data = {1, 2, 3} three floors
35 / 338
![Page 36: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/36.jpg)
Example: CA for elevator component 255
UpUpUp
DownDownDown
LevelLevelLevel
UpUpUp
DownDownDown
LevelLevelLevel
FromFromFrom
ToToTo
FromFromFrom
ToToTo
level 111 level 222 level 333
{Up}{Up}{Up}, truetruetrue {Up}{Up}{Up}, truetruetrue
{Down}{Down}{Down}, truetruetrue {Down}{Down}{Down}, truetruetrue
Data = {1, 2, 3}Data = {1, 2, 3}Data = {1, 2, 3} three floors36 / 338
![Page 37: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/37.jpg)
Example: CA for elevator component 255
UpUpUp
DownDownDown
LevelLevelLevel
UpUpUp
DownDownDown
LevelLevelLevel
FromFromFrom
ToToTo
FromFromFrom
ToToTo
level 111 level 222 level 333
{Up}{Up}{Up}, truetruetrue {Up}{Up}{Up}, truetruetrue
{Down}{Down}{Down}, truetruetrue {Down}{Down}{Down}, truetruetrue
{Level}{Level}{Level},dLevel = 1dLevel = 1dLevel = 1
{Level}{Level}{Level},dLevel = 2dLevel = 2dLevel = 2
{Level}{Level}{Level},dLevel = 3dLevel = 3dLevel = 3
37 / 338
![Page 38: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/38.jpg)
Example: CA for request component 260
UpUpUp UpUpUp
DownDownDown DownDownDown
LevelLevelLevel LevelLevelLevel
FromFromFrom FromFromFrom
ToToTo ToToTo
q0q0q0{From,To}{From,To}{From,To},dFrom �= dTodFrom �= dTodFrom �= dTo
N = Nout = {From,To}N = Nout = {From,To}N = Nout = {From,To} Nin = ∅Nin = ∅Nin = ∅
38 / 338
![Page 39: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/39.jpg)
Parallel composition of CA 270
constraint automaton for the composite system isbuilt compositionally using parallel operator ������
39 / 338
![Page 40: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/40.jpg)
Parallel composition of CA 270
constraint automaton for the composite system isbuilt compositionally using parallel operator ������
C1 �� C2 �� . . . �� CnC1 �� C2 �� . . . �� CnC1 �� C2 �� . . . �� Cn︸ ︷︷ ︸CA for thecomponentinterfaces
40 / 338
![Page 41: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/41.jpg)
Parallel composition of CA 270
constraint automaton for the composite system isbuilt compositionally using parallel operator ������
C1 �� C2 �� . . . �� CnC1 �� C2 �� . . . �� CnC1 �� C2 �� . . . �� Cn ������ RRR︸ ︷︷ ︸ ���CA for thecomponentinterfaces
CA for theconnector, e.g.,Reo network
41 / 338
![Page 42: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/42.jpg)
Parallel composition of CA 270
constraint automaton for the composite system isbuilt compositionally using parallel operator ������
C1 �� C2 �� . . . �� CnC1 �� C2 �� . . . �� CnC1 �� C2 �� . . . �� Cn ������ RRR︸ ︷︷ ︸ ���CA for thecomponentinterfaces
CA for theconnector, e.g.,Reo network
relies on a product construction with
• synchronization over shared ports
• interleaving of I/O-operationswithout shared ports
42 / 338
![Page 43: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/43.jpg)
Product for constraint automata 275
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCC
such that classification into input or outputports is “compatible”
43 / 338
![Page 44: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/44.jpg)
Product for constraint automata 275
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCC
A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10) A2 = (Q2,N2,−→2,Q
20)A2 = (Q2,N2,−→2,Q20)A2 = (Q2,N2,−→2,Q20)
such that classification into input or outputports is “compatible”
44 / 338
![Page 45: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/45.jpg)
Product for constraint automata 275
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCC
A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10) A2 = (Q2,N2,−→2,Q
20)A2 = (Q2,N2,−→2,Q20)A2 = (Q2,N2,−→2,Q20)
A1 �� A2 =A1 �� A2 =A1 �� A2 = (Q1 × Q2,Q1 × Q2,Q1 × Q2, . . . ). . . ). . . )
45 / 338
![Page 46: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/46.jpg)
Product for constraint automata 275
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCC
A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10) A2 = (Q2,N2,−→2,Q
20)A2 = (Q2,N2,−→2,Q20)A2 = (Q2,N2,−→2,Q20)
A1 �� A2 =A1 �� A2 =A1 �� A2 = (Q1 × Q2,Q1 × Q2,Q1 × Q2, N1 ∪N2,N1 ∪N2,N1 ∪ N2, . . . ). . . ). . . )
46 / 338
![Page 47: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/47.jpg)
Product for constraint automata 275
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCC
A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10) A2 = (Q2,N2,−→2,Q
20)A2 = (Q2,N2,−→2,Q20)A2 = (Q2,N2,−→2,Q20)
A1 �� A2 =A1 �� A2 =A1 �� A2 = (Q1 × Q2,Q1 × Q2,Q1 × Q2, N1 ∪N2,N1 ∪N2,N1 ∪ N2, −→,−→,−→, Q10 × Q2
0)Q10 × Q2
0)Q10 × Q2
0)
47 / 338
![Page 48: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/48.jpg)
Product for constraint automata 275
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCCBBB BBB
BBBBBB
A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10)A1 = (Q1,N1,−→1,Q10) A2 = (Q2,N2,−→2,Q
20)A2 = (Q2,N2,−→2,Q20)A2 = (Q2,N2,−→2,Q20)
A1 �� A2 =A1 �� A2 =A1 �� A2 = (Q1 × Q2,Q1 × Q2,Q1 × Q2, N1 ∪N2,N1 ∪N2,N1 ∪ N2, −→,−→,−→, Q10 × Q2
0)Q10 × Q2
0)Q10 × Q2
0)���synchronizing over the shared ports
B ∈ N1 ∩ N2B ∈ N1 ∩N2B ∈ N1 ∩N248 / 338
![Page 49: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/49.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCC
I/O-operations of A1A1A1 without shared ports
q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1 and N1 ∩N2 = ∅N1 ∩N2 = ∅N1 ∩ N2 = ∅
〈q1, q2〉 N1, g1−−−−→ 〈q′1, q2〉〈q1, q2〉 N1, g1−−−−→ 〈q′1, q2〉〈q1, q2〉 N1, g1−−−−→ 〈q′1, q2〉
49 / 338
![Page 50: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/50.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCCAAA
AAA
I/O-operations of A1A1A1 without shared ports
q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1 and N1 ∩N2 = ∅N1 ∩N2 = ∅N1 ∩ N2 = ∅
〈q1, q2〉 N1, g1−−−−→ 〈q′1, q2〉〈q1, q2〉 N1, g1−−−−→ 〈q′1, q2〉〈q1, q2〉 N1, g1−−−−→ 〈q′1, q2〉“data flow only at non-shared ports of A1A1A1”
50 / 338
![Page 51: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/51.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCCCCC
CCC
I/O-operations of A2A2A2 without shared ports
q2N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2 and N2 ∩N1 = ∅N2 ∩N1 = ∅N2 ∩ N1 = ∅
〈q1, q2〉 N2, g2−−−−→ 〈q1, q′2〉〈q1, q2〉 N2, g2−−−−→ 〈q1, q′2〉〈q1, q2〉 N2, g2−−−−→ 〈q1, q′2〉“data flow only at non-shared ports of A2A2A2”
51 / 338
![Page 52: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/52.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCC
synchronized data flow at shared ports:
q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1 ∧∧∧ q2
N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2 ∧∧∧ N1 ∩ N2 = N2 ∩ N1N1 ∩N2 = N2 ∩N1N1 ∩N2 = N2 ∩N1
〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉
52 / 338
![Page 53: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/53.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCCBBB BBB
BBBBBB
synchronized data flow at shared ports:
q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1 ∧∧∧ q2
N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2 ∧∧∧ N1 ∩ N2 = N2 ∩ N1N1 ∩N2 = N2 ∩N1N1 ∩N2 = N2 ∩N1
〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉
53 / 338
![Page 54: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/54.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCCAAA
AAA
BBB BBB
BBBBBB
synchronized data flow at shared ports:
q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1 ∧∧∧ q2
N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2 ∧∧∧ N1 ∩ N2 = N2 ∩ N1N1 ∩N2 = N2 ∩N1N1 ∩N2 = N2 ∩N1
〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉
possibly in parallel with data flow at non-shared ports
54 / 338
![Page 55: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/55.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCCBBB BBB
BBBBBB
CCC
CCC
synchronized data flow at shared ports:
q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1 ∧∧∧ q2
N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2 ∧∧∧ N1 ∩ N2 = N2 ∩ N1N1 ∩N2 = N2 ∩N1N1 ∩N2 = N2 ∩N1
〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉
possibly in parallel with data flow at non-shared ports
55 / 338
![Page 56: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/56.jpg)
Product for constraint automata 280
BBB BBB
N1 = {A,B}N1 = {A,B}N1 = {A,B} N2 = {B,C}N2 = {B,C}N2 = {B,C}A1A1A1 A2A2A2
AAA CCCAAA
AAA
CCC
CCC
synchronized data flow at shared ports:
q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1q1N1, g1−−−−→ q′1 ∧∧∧ q2
N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2q2N2, g2−−−−→ q′2 ∧∧∧ N1 ∩ N2 = N2 ∩ N1N1 ∩N2 = N2 ∩N1N1 ∩N2 = N2 ∩N1
〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉〈q1, q2〉 N1 ∪ N2, g1 ∧ g2−−−−−−−−−−−→ 〈q′1, q′2〉... covers the case where N1 ∩ N2 = N2 ∩ N1 = ∅N1 ∩N2 = N2 ∩N1 = ∅N1 ∩N2 = N2 ∩N1 = ∅
(needed to ensure associativity)56 / 338
![Page 57: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/57.jpg)
Overview mreo
1 Modelling components and connectors
constraint automata (CA)coordination language Reo ←−←−←−
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic
3 Synthesis of connectors
57 / 338
![Page 58: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/58.jpg)
Coordination language Reo [Arbab’04] 110
58 / 338
![Page 59: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/59.jpg)
Coordination language Reo [Arbab’04] 110
• exogenous coordination aims to provide a strictseparation between computation and coordination
59 / 338
![Page 60: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/60.jpg)
Coordination language Reo [Arbab’04] 110
• exogenous coordination aims to provide a strictseparation between computation and coordination
• offers a compositional framework to construct
component connectors based on a calculus of channels
60 / 338
![Page 61: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/61.jpg)
Coordination language Reo [Arbab’04] 110
• exogenous coordination aims to provide a strictseparation between computation and coordination
• offers a compositional framework to construct
component connectors based on a calculus of channels
∗∗∗ creating a new channel
∗∗∗ joining channel ends in a node
∗∗∗ building components by hiding nodes
61 / 338
![Page 62: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/62.jpg)
Coordination language Reo [Arbab’04] 110
• exogenous coordination aims to provide a strictseparation between computation and coordination
• offers a compositional framework to construct
component connectors based on a calculus of channels
∗∗∗ creating a new channel
∗∗∗ joining channel ends in a node
∗∗∗ building components by hiding nodes
Reo network: graph of channelsedges: channelsnodes: combine several channel ends
62 / 338
![Page 63: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/63.jpg)
Coordination language Reo [Arbab’04] 110
• exogenous coordination aims to provide a strictseparation between computation and coordination
• offers a compositional framework to construct
component connectors based on a calculus of channels
∗∗∗ creating a new channel
∗∗∗ joining channel ends in a node
∗∗∗ building components by hiding nodes
Reo network: graph of channels ←−←−←−semantics:constraintautomatonedges: channels
nodes: combine several channel ends
63 / 338
![Page 64: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/64.jpg)
Semantics of Reo 140
Reo network RRR
relation oftimed data streams
constraintautomaton ARARAR
declarativespecificationof a connector
coalgebraicsemantics
operationalsemantics
64 / 338
![Page 65: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/65.jpg)
Semantics of Reo 140
Reo network RRR
relation oftimed data streams
constraintautomaton ARARAR
declarativespecificationof a connector
states === configurations of RRR(e.g., content of FIFO channels)
65 / 338
![Page 66: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/66.jpg)
Semantics of Reo 140
Reo network RRR
relation oftimed data streams
constraintautomaton ARARAR
declarativespecificationof a connector
compositional
states === configurations of RRR(e.g., content of FIFO channels)
compositional approach: CA ARARAR arises from the productof the CA for the channels, nodes, (sub-)connectors of RRR
66 / 338
![Page 67: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/67.jpg)
Semantics of Reo 140
Reo network RRR
relation oftimed data streams
constraintautomaton ARARAR
declarativespecificationof a connector
compositional
states === configurations of RRR(e.g., content of FIFO channels)
compositional approach: CA ARARAR arises from the productof the CA for the channels, nodes, (sub-)connectors of RRRcomposite system: C1 �� . . . �� Cn �� ARC1 �� . . . �� Cn �� ARC1 �� . . . �� Cn �� AR
67 / 338
![Page 68: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/68.jpg)
Overview mreo-chan
1 Modelling components and connectors
constraint automata (CA)coordination language Reo
Reo channels ←−←−←−Reo nodes
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic
3 Synthesis of connectors
68 / 338
![Page 69: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/69.jpg)
Reo channels 305
• provide the basic building blocksfor the connector glue code
69 / 338
![Page 70: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/70.jpg)
Reo channels 305
• provide the basic building blocksfor the connector glue code
• have two channel ends,each can be either a source or a sink end
∗∗∗ source end:
data item enters channel
∗∗∗ sink end:
data item leaves channel
70 / 338
![Page 71: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/71.jpg)
Reo channels 305
• provide the basic building blocksfor the connector glue code
• have two channel ends,each can be either a source or a sink end
∗∗∗ source end:
data item enters channel ←−←−←− input port
∗∗∗ sink end:
data item leaves channel ←−←−←− output port
71 / 338
![Page 72: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/72.jpg)
Reo channels 305
• provide the basic building blocksfor the connector glue code
• have two channel ends,each can be either a source or a sink end
∗∗∗ source end:
data item enters channel ←−←−←− input port
∗∗∗ sink end:
data item leaves channel ←−←−←− output port
• from library of basic channelsor user defined (CA +++ types of channel end)
72 / 338
![Page 73: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/73.jpg)
Reo basic channels 310
• FIFO channel
• synchronous channel
• synchronous drain
• synchronous spout
• filter channel
• non-deterministic lossy channel
73 / 338
![Page 74: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/74.jpg)
Reo basic channels 310
• FIFO channel ←−←−←−asynchronous
communicationvia buffer• synchronous channel
• synchronous drain
• synchronous spout
• filter channel
• non-deterministic lossy channel
74 / 338
![Page 75: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/75.jpg)
FIFO channel with 1 buffer cell 310
AAA BBB
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}75 / 338
![Page 76: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/76.jpg)
FIFO channel with 1 buffer cell 310
AAA BBB
full( ) empty full( )
{A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA =
{B}, dB ={B}, dB ={B}, dB = {B}, dB ={B}, dB ={B}, dB =
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}76 / 338
![Page 77: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/77.jpg)
FIFO channel with 1 buffer cell 310
AAA BBB
AAA BBB
t1t1t1
full( ) empty full( )
{A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA =
{B}, dB ={B}, dB ={B}, dB = {B}, dB ={B}, dB ={B}, dB =
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}77 / 338
![Page 78: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/78.jpg)
FIFO channel with 1 buffer cell 310
AAA BBB
AAA BBB
t1t1t1
full( ) empty full( )
{A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA =
{B}, dB ={B}, dB ={B}, dB = {B}, dB ={B}, dB ={B}, dB =
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}78 / 338
![Page 79: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/79.jpg)
FIFO channel with 1 buffer cell 310
AAA BBB
AAA BBB
t1t1t1t2t2t2
full( ) empty full( )
{A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA =
{B}, dB ={B}, dB ={B}, dB = {B}, dB ={B}, dB ={B}, dB =
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}79 / 338
![Page 80: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/80.jpg)
FIFO channel with 1 buffer cell 310
AAA BBB
AAA BBB
t1t1t1t2t2t2
full( ) empty full( )
{A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA ={A}, dA =
{B}, dB ={B}, dB ={B}, dB = {B}, dB ={B}, dB ={B}, dB =
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}80 / 338
![Page 81: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/81.jpg)
Reo basic channels 310
• FIFO channel
• synchronous channel ←−←−←−• synchronous drain
• synchronous spout
• filter channel
• non-deterministic lossy channel
81 / 338
![Page 82: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/82.jpg)
Synchronous channel 320
AAA BBB
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
82 / 338
![Page 83: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/83.jpg)
Synchronous channel 320
AAA BBB
AAA BBB
t1t1t1
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
83 / 338
![Page 84: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/84.jpg)
Synchronous channel 320
AAA BBB
AAA BBB
t1t1t1t2t2t2
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
84 / 338
![Page 85: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/85.jpg)
Synchronous channel 320
AAA BBB
AAA BBB
t1t1t1t2t2t2t3t3t3
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
85 / 338
![Page 86: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/86.jpg)
Example: Reo network and four components 450
C3C3C3
C1C1C1
C4C4C4
AAA BBB
CCC DDD
C2C2C2
Reo network with two channels:
• synchronous channel A BA BA B connectingcomponents C1C1C1 with C2C2C2
• synchronous channel C DC DC D connectingcomponents C3C3C3 with C4C4C4
86 / 338
![Page 87: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/87.jpg)
Example: Reo network and four components 450
C3C3C3
C1C1C1
C4C4C4
AAA BBB
CCC DDD
C2C2C2
q0q0q0{A,B}{A,B}{A,B}dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}dC = dDdC = dDdC = dD
{A,B,C ,D}{A,B,C ,D}{A,B,C ,D}dA = dB ∧ dC = dDdA = dB ∧ dC = dDdA = dB ∧ dC = dD
87 / 338
![Page 88: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/88.jpg)
Example: Reo network and four components 450
C3C3C3
C1C1C1
C4C4C4
AAA BBB
CCC DDD
C2C2C2AAA BBB CCC DDD
t1t1t1
q0q0q0{A,B}{A,B}{A,B}dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}dC = dDdC = dDdC = dD
{A,B,C ,D}{A,B,C ,D}{A,B,C ,D}dA = dB ∧ dC = dDdA = dB ∧ dC = dDdA = dB ∧ dC = dD
88 / 338
![Page 89: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/89.jpg)
Example: Reo network and four components 450
C3C3C3
C1C1C1
C4C4C4
AAA BBB
CCC DDD
C2C2C2AAA BBB CCC DDD
t1t1t1t2t2t2
q0q0q0{A,B}{A,B}{A,B}dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}dC = dDdC = dDdC = dD
{A,B,C ,D}{A,B,C ,D}{A,B,C ,D}dA = dB ∧ dC = dDdA = dB ∧ dC = dDdA = dB ∧ dC = dD
89 / 338
![Page 90: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/90.jpg)
Example: Reo network and four components 450
C3C3C3
C1C1C1
C4C4C4
AAA BBB
CCC DDD
C2C2C2AAA BBB CCC DDD
t1t1t1t2t2t2t3t3t3
q0q0q0{A,B}{A,B}{A,B}dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}dC = dDdC = dDdC = dD
{A,B,C ,D}{A,B,C ,D}{A,B,C ,D}dA = dB ∧ dC = dDdA = dB ∧ dC = dDdA = dB ∧ dC = dD
90 / 338
![Page 91: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/91.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1
system with three components
• fifo channel A BA BA B
• synchronous channel C DC DC D
91 / 338
![Page 92: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/92.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1componentinterface for C3C3C3
q0q0q0
{B}{B}{B}{C}{C}{C}
NinNinNin === {B}{B}{B}NoutNoutNout === {C}{C}{C}
system with three components
• fifo channel A BA BA B
• synchronous channel C DC DC D
92 / 338
![Page 93: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/93.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1
full( ) empty full( )
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
93 / 338
![Page 94: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/94.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1
full( ) empty full( )empty
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
94 / 338
![Page 95: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/95.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1AAA BBB CCC DDD
t1t1t1
full( ) empty full( )empty
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
95 / 338
![Page 96: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/96.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1AAA BBB CCC DDD
t1t1t1
full( ) empty full( )full( )
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
96 / 338
![Page 97: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/97.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1AAA BBB CCC DDD
t1t1t1t2t2t2
full( ) empty full( )full( )
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
97 / 338
![Page 98: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/98.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1AAA BBB CCC DDD
t1t1t1t2t2t2
full( ) empty full( )empty
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
98 / 338
![Page 99: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/99.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1AAA BBB CCC DDD
t1t1t1t2t2t2t3t3t3
full( ) empty full( )empty
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
99 / 338
![Page 100: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/100.jpg)
Example: network and its CA-semantics 150
AAA BBB
CCCDDDC2C2C2
C3C3C3
C1C1C1AAA BBB CCC DDD
t1t1t1t2t2t2t3t3t3
full( ) empty full( )empty
{A}{A}{A},{A}{A}{A},
{B}{B}{B}, {B}{B}{B},{C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D} {C ,D}{C ,D}{C ,D}
100 / 338
![Page 101: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/101.jpg)
Reo basic channels 330
• FIFO channel
• synchronous channel
• synchronous drain
• synchronous spout
• filter channel
• non-deterministic lossy channel
variants ofsynchronous
channels
101 / 338
![Page 102: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/102.jpg)
Synchronous drain 330
AAA BBB
q0q0q0 {A,B},{A,B},{A,B}, dA = dBdA = dBdA = dB
Nin = {A,B}Nin = {A,B}Nin = {A,B} Nout = ∅Nout = ∅Nout = ∅
two source ends(input ports)
102 / 338
![Page 103: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/103.jpg)
Synchronous drain 330
AAA BBB
AAA BBB
t1t1t1
q0q0q0 {A,B},{A,B},{A,B}, dA = dBdA = dBdA = dB
Nin = {A,B}Nin = {A,B}Nin = {A,B} Nout = ∅Nout = ∅Nout = ∅
103 / 338
![Page 104: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/104.jpg)
Synchronous drain 330
AAA BBB
AAA BBB
t1t1t1
q0q0q0 {A,B},{A,B},{A,B}, dA = dBdA = dBdA = dB
Nin = {A,B}Nin = {A,B}Nin = {A,B} Nout = ∅Nout = ∅Nout = ∅
104 / 338
![Page 105: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/105.jpg)
Synchronous drain 330
AAA BBB
AAA BBB
t1t1t1
q0q0q0 {A,B},{A,B},{A,B}, dA = dBdA = dBdA = dB
Nin = {A,B}Nin = {A,B}Nin = {A,B} Nout = ∅Nout = ∅Nout = ∅
105 / 338
![Page 106: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/106.jpg)
Synchronous drain ←−←−←− data-aware 330
AAA BBB
AAA BBB
t1t1t1t2t2t2
q0q0q0 {A,B},{A,B},{A,B}, dA = dBdA = dBdA = dB
Nin = {A,B}Nin = {A,B}Nin = {A,B} Nout = ∅Nout = ∅Nout = ∅
←−←−←−same
data itemsat ports AAA, BBB
106 / 338
![Page 107: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/107.jpg)
Synchronous drain ←−←−←− data-aware 330
AAA BBB
AAA BBB
t1t1t1t2t2t2t3t3t3
q0q0q0 {A,B},{A,B},{A,B}, dA = dBdA = dBdA = dB
Nin = {A,B}Nin = {A,B}Nin = {A,B} Nout = ∅Nout = ∅Nout = ∅
←−←−←−same
data itemsat ports AAA, BBB
107 / 338
![Page 108: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/108.jpg)
Synchronous drain ←−←−←− data-abstract 340
AAA BBB
AAA BBB
t1t1t1t2t2t2t3t3t3
q0q0q0 {A,B}, true{A,B}, true{A,B}, true
Nin = {A,B}Nin = {A,B}Nin = {A,B} Nout = ∅Nout = ∅Nout = ∅
←−←−←−arbitrary
data itemsat ports AAA, BBB
108 / 338
![Page 109: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/109.jpg)
Example: Reo network with synchronous drain 460
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
Reo network with four components
• synchronous data flow from AAA to BBB
• synchronous data flow from CCC to DDD
• synchronous drain ensures synchronizationof all four components
109 / 338
![Page 110: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/110.jpg)
Example: Reo network with synchronous drain 460
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
q0q0q0
{A,B,C ,D}{A,B,C ,D}{A,B,C ,D}dA = dB ∧ dC = dDdA = dB ∧ dC = dDdA = dB ∧ dC = dD
110 / 338
![Page 111: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/111.jpg)
Example: Reo network with synchronous drain 460
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2AAA BBB CCC DDD
t1t1t1
q0q0q0
{A,B,C ,D}{A,B,C ,D}{A,B,C ,D}dA = dB ∧ dC = dDdA = dB ∧ dC = dDdA = dB ∧ dC = dD
111 / 338
![Page 112: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/112.jpg)
Example: Reo network with synchronous drain 460
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2AAA BBB CCC DDD
t1t1t1t2t2t2t3t3t3
q0q0q0
{A,B,C ,D}{A,B,C ,D}{A,B,C ,D}dA = dB ∧ dC = dDdA = dB ∧ dC = dDdA = dB ∧ dC = dD
112 / 338
![Page 113: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/113.jpg)
Synchronous spout 350
AAA BBB
q0q0q0 {A,B}, true{A,B}, true{A,B}, true
Nin = ∅Nin = ∅Nin = ∅ Nout = {A,B}Nout = {A,B}Nout = {A,B}
two sink ends(output ports)
113 / 338
![Page 114: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/114.jpg)
Synchronous spout 350
AAA BBB
AAA BBB
t1t1t1
q0q0q0 {A,B}, true{A,B}, true{A,B}, true
Nin = ∅Nin = ∅Nin = ∅ Nout = {A,B}Nout = {A,B}Nout = {A,B}
114 / 338
![Page 115: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/115.jpg)
Synchronous spout 350
AAA BBB
AAA BBB
t1t1t1
q0q0q0 {A,B}, true{A,B}, true{A,B}, true
Nin = ∅Nin = ∅Nin = ∅ Nout = {A,B}Nout = {A,B}Nout = {A,B}
115 / 338
![Page 116: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/116.jpg)
Synchronous spout 350
AAA BBB
AAA BBB
t1t1t1t2t2t2
q0q0q0 {A,B}, true{A,B}, true{A,B}, true
Nin = ∅Nin = ∅Nin = ∅ Nout = {A,B}Nout = {A,B}Nout = {A,B}
116 / 338
![Page 117: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/117.jpg)
Synchronous spout 350
AAA BBB
AAA BBB
t1t1t1t2t2t2t3t3t3
q0q0q0 {A,B}, true{A,B}, true{A,B}, true
Nin = ∅Nin = ∅Nin = ∅ Nout = {A,B}Nout = {A,B}Nout = {A,B}
117 / 338
![Page 118: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/118.jpg)
Filter channel 360
AAA BBB
q0q0q0 {A,B}, dA = dB ∈ FilterCond{A,B}, dA = dB ∈ FilterCond{A,B}, dA = dB ∈ FilterCond
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
“ordinary”synchronous channelwith filter condition
118 / 338
![Page 119: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/119.jpg)
Filter channel 360
AAA BBB
AAA BBB
t1t1t1t2t2t2t3t3t3
q0q0q0 {A,B}, dA = dB ∈ FilterCond{A,B}, dA = dB ∈ FilterCond{A,B}, dA = dB ∈ FilterCond
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
, ∈ FilterCond∈ FilterCond∈ FilterCond
119 / 338
![Page 120: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/120.jpg)
Nondeterministic lossy channel 370
AAA BBB
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB{A}, true{A}, true{A}, true
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
synchronous channelwhere written data items
can be lost
120 / 338
![Page 121: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/121.jpg)
Nondeterministic lossy channel 370
AAA BBB
AAA BBB
t1t1t1
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB{A}, true{A}, true{A}, true
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
121 / 338
![Page 122: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/122.jpg)
Nondeterministic lossy channel 370
AAA BBB
AAA BBB
t1t1t1t2t2t2
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB{A}, true{A}, true{A}, true
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
122 / 338
![Page 123: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/123.jpg)
Nondeterministic lossy channel 370
AAA BBB
AAA BBB
t1t1t1t2t2t2t3t3t3
q0q0q0 {A,B}, dA = dB{A,B}, dA = dB{A,B}, dA = dB{A}, true{A}, true{A}, true
Nin = {A}Nin = {A}Nin = {A} Nout = {B}Nout = {B}Nout = {B}
123 / 338
![Page 124: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/124.jpg)
Overview mreo-node
1 Modelling components and connectors
constraint automata (CA)coordination language Reo
Reo channelsReo nodes ←−←−←−
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic
3 Synthesis of connectors
124 / 338
![Page 125: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/125.jpg)
Reo nodes 410
• arise when channel ends are joined
• coordinate the coincident sink and source ends
125 / 338
![Page 126: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/126.jpg)
Reo nodes 410
A1A1A1
A2A2A2
B1B1B1
B2B2B2
• arise when channel ends are joined
• coordinate the coincident sink and source ends
126 / 338
![Page 127: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/127.jpg)
Reo nodes 410
A1A1A1
A2A2A2
B1B1B1
B2B2B2
• arise when channel ends are joined
• coordinate the coincident sink and source ends
127 / 338
![Page 128: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/128.jpg)
Reo nodes 410
A1A1A1
A2A2A2
B1B1B1
B2B2B2
• arise when channel ends are joined
• coordinate the coincident sink and source ends
128 / 338
![Page 129: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/129.jpg)
Reo nodes with standard semantics 410
A1A1A1
A2A2A2
B1B1B1
B2B2B2
• arise when channel ends are joined
• coordinate the coincident sink and source ends
nondeterministic mergefor receive operations
at the sink ends
synchronoussend operation
at the source ends
129 / 338
![Page 130: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/130.jpg)
Reo nodes with standard semantics 410
A1A1A1
A2A2A2
B1B1B1
B2B2B2
• arise when channel ends are joined
• coordinate the coincident sink and source ends
q0q0q0
{A1,B1,B2},{A1,B1,B2},{A1,B1,B2}, dA1= dB1
= dB2dA1
= dB1= dB2dA1
= dB1= dB2
{A2,B1,B2},{A2,B1,B2},{A2,B1,B2}, dA2= dB1
= dB2dA2
= dB1= dB2dA2
= dB1= dB2
130 / 338
![Page 131: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/131.jpg)
Reo nodes with route semantics 430
A1A1A1
A2A2A2
B1B1B1
B2B2B2
• arise when channel ends are joined
• coordinate the coincident sink and source ends
nondeterministic mergefor receive operations
at the sink ends
nondeterministic choicefor the send operations
at the source ends
131 / 338
![Page 132: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/132.jpg)
Reo nodes with route semantics 430
A1A1A1
A2A2A2
B1B1B1
B2B2B2
• arise when channel ends are joined
• coordinate the coincident sink and source ends
q0q0q0
{A1,B1},{A1,B1},{A1,B1}, dA1= dB1
dA1 = dB1dA1= dB1
{A1,B2},{A1,B2},{A1,B2}, dA1= dB2
dA1 = dB2dA1= dB2
{A2,B1},{A2,B1},{A2,B1}, dA2= dB1
dA2= dB1dA2= dB1
{A2,B2},{A2,B2},{A2,B2}, dB = dB2dB = dB2dB = dB2
132 / 338
![Page 133: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/133.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
133 / 338
![Page 134: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/134.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
• nondeterministic merge between AAA and CCC . . .
134 / 338
![Page 135: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/135.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
• nondeterministic merge between AAA and CCC . . .
• data item ddd written at AAA or CCC is stored in the buffer
135 / 338
![Page 136: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/136.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
• nondeterministic merge between AAA and CCC . . .
• data item ddd written at AAA or CCC is stored in the buffer
if ddd is green then it will be routed to BBB
if ddd is blue then it will be routed to DDD
136 / 338
![Page 137: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/137.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
full( ) empty full( )empty
{A}{A}{A},{A}{A}{A},
{C}{C}{C},{C}{C}{C},{D}{D}{D},{B}{B}{B},
137 / 338
![Page 138: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/138.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2AAA BBB CCC DDD
t1t1t1
full( ) empty full( )empty full( )
{A}{A}{A},{A}{A}{A},
{C}{C}{C},{C}{C}{C},{D}{D}{D},{B}{B}{B},
138 / 338
![Page 139: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/139.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2AAA BBB CCC DDD
t1t1t1t2t2t2
full( ) empty full( )empty full( )
{A}{A}{A},{A}{A}{A},
{C}{C}{C},{C}{C}{C},{D}{D}{D},{B}{B}{B},
139 / 338
![Page 140: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/140.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2AAA BBB CCC DDD
t1t1t1t2t2t2t3t3t3
full( ) empty full( )emptyfull( )
{A}{A}{A},{A}{A}{A},
{C}{C}{C},{C}{C}{C},{D}{D}{D},{B}{B}{B},
140 / 338
![Page 141: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/141.jpg)
Example: Reo network with buffering & filtering 470
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2AAA BBB CCC DDD
t1t1t1t2t2t2t3t3t3t4t4t4
full( ) empty full( )emptyfull( )
{A}{A}{A},{A}{A}{A},
{C}{C}{C},{C}{C}{C},{D}{D}{D},{B}{B}{B},
141 / 338
![Page 142: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/142.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
alternating data flow between C1C1C1 and C2C2C2 via A BA BA Band between C3C3C3 and C4C4C4 via C DC DC D
142 / 338
![Page 143: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/143.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
111 222
{A,B}{A,B}{A,B}, dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}, dC = dDdC = dDdC = dD143 / 338
![Page 144: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/144.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
111 222
{A,B}{A,B}{A,B}, dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}, dC = dDdC = dDdC = dD
111
AAA BBB CCC DDD
t1t1t1
144 / 338
![Page 145: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/145.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
111 222
{A,B}{A,B}{A,B}, dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}, dC = dDdC = dDdC = dD
222
AAA BBB CCC DDD
t1t1t1
145 / 338
![Page 146: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/146.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
111 222
{A,B}{A,B}{A,B}, dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}, dC = dDdC = dDdC = dD
222
AAA BBB CCC DDD
t1t1t1t2t2t2
146 / 338
![Page 147: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/147.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
111 222
{A,B}{A,B}{A,B}, dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}, dC = dDdC = dDdC = dD
111
AAA BBB CCC DDD
t1t1t1t2t2t2
147 / 338
![Page 148: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/148.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
111 222
{A,B}{A,B}{A,B}, dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}, dC = dDdC = dDdC = dD
AAA BBB CCC DDD
t1t1t1t2t2t2
148 / 338
![Page 149: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/149.jpg)
Example: Reo network for a sequencer 480
C1C1C1
C4C4C4
AAA BBB
CCC DDDC3C3C3
C2C2C2
111 222
{A,B}{A,B}{A,B}, dA = dBdA = dBdA = dB
{C ,D}{C ,D}{C ,D}, dC = dDdC = dDdC = dD
AAA BBB CCC DDD
t1t1t1t2t2t2
149 / 338
![Page 150: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/150.jpg)
Reo’s hiding operator 290
serves to build a new component or connectorby “hiding internal ports”
150 / 338
![Page 151: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/151.jpg)
Reo’s hiding operator 290
serves to build a new component or connectorby “hiding internal ports”
hiding operator for constraint automata:
given a CA A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0) and port A ∈ NA ∈ NA ∈ NA \ A
def= (Q,N \ {A},−→,Q0)A \ Adef= (Q,N \ {A},−→,Q0)A \ Adef= (Q,N \ {A},−→,Q0) where . . .. . .. . .
151 / 338
![Page 152: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/152.jpg)
Reo’s hiding operator 290
serves to build a new component or connectorby “hiding internal ports”
hiding operator for constraint automata:
given a CA A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0) and port A ∈ NA ∈ NA ∈ NA \ A
def= (Q,N \ {A},−→,Q0)A \ Adef= (Q,N \ {A},−→,Q0)A \ Adef= (Q,N \ {A},−→,Q0) where
qqqN , g−−−→N , g−−−→N , g−−−→ ppp in AAA
qqqN ′, g ′−−−−→N ′, g ′−−−−→N ′, g ′−−−−→ ppp in A \ AA \ AA \ A
N ′N ′N ′ === N \ {A}N \ {A}N \ {A}g ′g ′g ′ === ∃d .g [dA/d ]∃d .g [dA/d ]∃d .g [dA/d ]
152 / 338
![Page 153: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/153.jpg)
Reo’s hiding operator 290
serves to build a new component or connectorby “hiding internal ports”
hiding operator for constraint automata:
given a CA A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0)A = (Q,N ,−→,Q0) and port A ∈ NA ∈ NA ∈ NA \ A
def= (Q,N \ {A},−→,Q0)A \ Adef= (Q,N \ {A},−→,Q0)A \ Adef= (Q,N \ {A},−→,Q0) where
qqqN , g−−−→N , g−−−→N , g−−−→ ppp in AAA
qqqN ′, g ′−−−−→N ′, g ′−−−−→N ′, g ′−−−−→ ppp in A \ AA \ AA \ A
N ′N ′N ′ === N \ {A}N \ {A}N \ {A}g ′g ′g ′ === ∃d .g [dA/d ]∃d .g [dA/d ]∃d .g [dA/d ]
variant: additionally transitive closure over the“empty” (internal) transitions
153 / 338
![Page 154: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/154.jpg)
Overview ver
1 Modelling components and connectors
constraint automata (CA)coordination language Reo
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic
3 Synthesis of connectors
154 / 338
![Page 155: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/155.jpg)
Model checking components and connectors 505
requirements
specificationSPEC
constraint automaton
model checker“doesMMM satisfy SPEC ?”
no yes155 / 338
![Page 156: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/156.jpg)
Model checking components and connectors 505
requirements
specificationSPECM = CiM = CiM = Ci
constraint automaton
model checker“doesMMM satisfy SPEC ?”
componentinterfaces
no yes156 / 338
![Page 157: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/157.jpg)
Model checking components and connectors 505
requirements
specificationSPECM = RM = RM = R
constraint automaton
model checker“doesMMM satisfy SPEC ?”
connectorReo network
no yes157 / 338
![Page 158: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/158.jpg)
Model checking components and connectors 505
requirements
specificationSPEC
constraint automatonM = C1 �� . . . �� Cn �� RM = C1 �� . . . �� Cn �� RM = C1 �� . . . �� Cn �� R
model checker“doesMMM satisfy SPEC ?”
componentinterfaces
connectorReo network
no yes158 / 338
![Page 159: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/159.jpg)
Model checking components and connectors 505
requirements
formula of sometemporal logic
constraint automatonM = C1 �� . . . �� Cn �� RM = C1 �� . . . �� Cn �� RM = C1 �� . . . �� Cn �� R
model checker“doesMMM satisfy SPEC ?”
componentinterfaces
connectorReo network
no yes159 / 338
![Page 160: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/160.jpg)
Overview ver-ltl
1 Modelling components and connectors
constraint automata (CA)coordination language Reo
2 Model checking with CA
Linear Temporal Logic ←−←−←−Alternating Stream Logic
3 Synthesis of connectors
160 / 338
![Page 161: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/161.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 520
linear-time logic LTL with I/O-constraints,adapted to the CA framework
• linear temporal logic (LTL) [Pnueli ’77]
temporal modalities over atomic propositionsto express safety, liveness properties
• regular expressions for specifying conditions onthe interactions of components/connectors
similar to dynamic LTL [Henriksen,Thiagarajan’99]
161 / 338
![Page 162: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/162.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ
162 / 338
![Page 163: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/163.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ���atomic
proposition
163 / 338
![Page 164: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/164.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ���atomic
proposition
i.e., local condition on the states of a CA
“FIFO buffer is full”“x < 3x < 3x < 3 for integer variable xxx”
aaa
. . .. . .. . .
164 / 338
![Page 165: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/165.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ���
atomicproposition
���next
ϕ =©aϕ =©aϕ =©a :
aaa
. . .. . .. . .
165 / 338
![Page 166: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/166.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 U ϕ2
∣∣ ϕ1 U ϕ2
∣∣ ϕ1 U ϕ2���atomic
proposition
���next
���until
ϕ =©aϕ =©aϕ =©a :
aaa
. . .. . .. . .
ϕ = a U bϕ = a U bϕ = a U b :
aaa aaa aaa bbb
. . .. . .. . .
166 / 338
![Page 167: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/167.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2���atomic
proposition
���next
���until
Uα =Uα =Uα = until indexed by a stream expression ααα
167 / 338
![Page 168: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/168.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2���atomic
proposition
���next
���until
Uα =Uα =Uα = until indexed by a stream expression ααα, i.e.,
regular expression specifiying a set of finite data streams
α ::=α ::=α ::= iociocioc∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗
168 / 338
![Page 169: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/169.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2���atomic
proposition
���next
���until
Uα =Uα =Uα = until indexed by a stream expression ααα, i.e.,
regular expression specifiying a set of finite data streams
α ::=α ::=α ::= iociocioc∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗���I/O-constraint, i.e., Boolean condition that specifiesconditions on the active ports and their I/O-operations
169 / 338
![Page 170: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/170.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2���atomic
proposition
���next
���until
Uα =Uα =Uα = until indexed by a stream expression ααα, i.e.,
regular expression specifiying a set of finite data streams
α ::=α ::=α ::= iociocioc∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗∣∣ α1;α2
∣∣ α1 ∪ α2
∣∣ α∗semantics of ααα: regular language L(α)L(α)L(α)
(set of finite data streams)170 / 338
![Page 171: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/171.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2���atomic
proposition
���next
���until
Uα =Uα =Uα = until indexed by a stream expression ααα, i.e.,
ϕ = a Uα bϕ = a Uα bϕ = a Uα b
aaa aaa aaa bbb
. . .. . .. . .c1c1c1 c2c2c2 c3c3c3
c1 c2 c3 ∈ L(α)c1 c2 c3 ∈ L(α)c1 c2 c3 ∈ L(α)
171 / 338
![Page 172: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/172.jpg)
Linear Temporal Logic (LTLIOLTLIOLTLIO) 530
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2���atomic
proposition
���next
���until
Uα =Uα =Uα = until indexed by a stream expression ααα, i.e.,
ϕ = a Uα bϕ = a Uα bϕ = a Uα b
aaa aaa aaa bbb
. . .. . .. . .c1c1c1 c2c2c2 c3c3c3
c1 c2 c3 ∈ L(α)c1 c2 c3 ∈ L(α)c1 c2 c3 ∈ L(α)
“standard until”: ϕ1 Uϕ2 = ϕ1 Utrue∗ ϕ2ϕ1 Uϕ2 = ϕ1 Utrue∗ ϕ2ϕ1 Uϕ2 = ϕ1 Utrue∗ ϕ2
172 / 338
![Page 173: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/173.jpg)
Derived operators in LTLIO 540
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
derived operators:
∨,→, . . .∨,→, . . .∨,→, . . . as usual
173 / 338
![Page 174: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/174.jpg)
Derived operators in LTLIO 540
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
derived operators:
∨,→, . . .∨,→, . . .∨,→, . . . as usual
♦ϕ♦ϕ♦ϕ def=def=def= true Uϕtrue Uϕtrue Uϕ eventually
174 / 338
![Page 175: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/175.jpg)
Derived operators in LTLIO 540
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
derived operators:
∨,→, . . .∨,→, . . .∨,→, . . . as usual
♦ϕ♦ϕ♦ϕ def=def=def= true Uϕtrue Uϕtrue Uϕ eventually
until operatora U ba U ba U b
aaa aaa aaa bbb
. . .. . .. . .
eventually♦b♦b♦b
bbb
. . .. . .. . .
175 / 338
![Page 176: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/176.jpg)
Derived operators in LTLIO 540
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
derived operators:
∨,→, . . .∨,→, . . .∨,→, . . . as usual
♦ϕ♦ϕ♦ϕ def=def=def= true Uϕtrue Uϕtrue Uϕ eventually
�ϕ�ϕ�ϕ def=def=def= ¬♦¬ϕ¬♦¬ϕ¬♦¬ϕ always
until operatora U ba U ba U b
aaa aaa aaa bbb
. . .. . .. . .
eventually♦b♦b♦b
bbb
. . .. . .. . .
always�a�a�a
aaa aaa aaa aaa aaa aaa
. . .. . .. . .
176 / 338
![Page 177: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/177.jpg)
Derived operators in LTLIO 540
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
derived operators:
∨,→, . . .∨,→, . . .∨,→, . . . as usual
♦ϕ♦ϕ♦ϕ def=def=def= true Uϕtrue Uϕtrue Uϕ eventually
�ϕ�ϕ�ϕ def=def=def= ¬♦¬ϕ¬♦¬ϕ¬♦¬ϕ always
infinitely often �♦ϕ�♦ϕ�♦ϕeventually forever ♦�ϕ♦�ϕ♦�ϕ
177 / 338
![Page 178: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/178.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ
178 / 338
![Page 179: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/179.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ “there exists a prefix s.t. .........”
179 / 338
![Page 180: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/180.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ “there exists a prefix s.t. .........”
ϕ = 〈〈(A; B)∗〉〉bϕ = 〈〈(A; B)∗〉〉bϕ = 〈〈(A; B)∗〉〉b :
bbb. . .. . .. . .
180 / 338
![Page 181: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/181.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ “there exists a prefix s.t. .........”
ϕ = 〈〈(A; B)∗〉〉bϕ = 〈〈(A; B)∗〉〉bϕ = 〈〈(A; B)∗〉〉b :
bbb. . .. . .. . .AAA BBB
181 / 338
![Page 182: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/182.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ “there exists a prefix s.t. .........”
ϕ = 〈〈(A; B)∗〉〉bϕ = 〈〈(A; B)∗〉〉bϕ = 〈〈(A; B)∗〉〉b :
bbb. . .. . .. . .AAA BBB AAA BBB
182 / 338
![Page 183: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/183.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ “there exists a prefix s.t. .........”
[|α |]ϕ[|α |]ϕ[|α |]ϕ def=def=def= ¬〈〈α〉〉¬ϕ¬〈〈α〉〉¬ϕ¬〈〈α〉〉¬ϕ “for all prefixes .........”
183 / 338
![Page 184: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/184.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ “there exists a prefix s.t. .........”
[|α |]ϕ[|α |]ϕ[|α |]ϕ def=def=def= ¬〈〈α〉〉¬ϕ¬〈〈α〉〉¬ϕ¬〈〈α〉〉¬ϕ “for all prefixes .........”
ϕ = [|(A; B)∗|]bϕ = [|(A; B)∗|]bϕ = [|(A; B)∗|]b :
bbb bbb bbb. . .. . .. . .AAA BBB AAA BBB
184 / 338
![Page 185: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/185.jpg)
Derived operators in LTLIO 550
ϕ ::= true∣∣ϕ ::= true∣∣ϕ ::= true∣∣ a
∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕa∣∣ ϕ1 ∧ ϕ2
∣∣ ¬ϕ ∣∣ © ϕ∣∣ © ϕ∣∣ © ϕ
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
∣∣ ϕ1 Uα ϕ2
〈〈α〉〉ϕ〈〈α〉〉ϕ〈〈α〉〉ϕ def=def=def= true Uα ϕtrue Uα ϕtrue Uα ϕ “there exists a prefix s.t. .........”
[|α |]ϕ[|α |]ϕ[|α |]ϕ def=def=def= ¬〈〈α〉〉¬ϕ¬〈〈α〉〉¬ϕ¬〈〈α〉〉¬ϕ “for all prefixes .........”
ϕ = [|(A; B)∗|]bϕ = [|(A; B)∗|]bϕ = [|(A; B)∗|]b :
bbb bbb. . .. . .. . .AAA BBB AAA AAA AAA
185 / 338
![Page 186: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/186.jpg)
Semantics of LTLIOLTLIOLTLIO formulas 560
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
186 / 338
![Page 187: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/187.jpg)
Semantics of LTLIOLTLIOLTLIO formulas 560
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
π |= trueπ |= trueπ |= true
π |= aπ |= aπ |= a iff atomic proposition aaa holds for q0q0q0
187 / 338
![Page 188: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/188.jpg)
Semantics of LTLIOLTLIOLTLIO formulas 560
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
π |= trueπ |= trueπ |= true
π |= aπ |= aπ |= a iff atomic proposition aaa holds for q0q0q0
π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2 iff π |= ϕ1π |= ϕ1π |= ϕ1 or π |= ϕ2π |= ϕ2π |= ϕ2
π |= ¬ϕπ |= ¬ϕπ |= ¬ϕ iff π �|= ϕπ �|= ϕπ �|= ϕ
188 / 338
![Page 189: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/189.jpg)
Semantics of LTLIOLTLIOLTLIO formulas 560
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
π |= trueπ |= trueπ |= true
π |= aπ |= aπ |= a iff atomic proposition aaa holds for q0q0q0
π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2 iff π |= ϕ1π |= ϕ1π |= ϕ1 or π |= ϕ2π |= ϕ2π |= ϕ2
π |= ¬ϕπ |= ¬ϕπ |= ¬ϕ iff π �|= ϕπ �|= ϕπ �|= ϕ
π |=©ϕπ |=©ϕπ |=©ϕ iff suffix(π, 1) |= ϕsuffix(π, 1) |= ϕsuffix(π, 1) |= ϕ���suffix(π, 1) = q1
c2−→ q2c3−→ . . .suffix(π, 1) = q1
c2−→ q2c3−→ . . .suffix(π, 1) = q1
c2−→ q2c3−→ . . .
189 / 338
![Page 190: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/190.jpg)
Semantics of LTLIOLTLIOLTLIO formulas 560
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
π |= trueπ |= trueπ |= true
π |= aπ |= aπ |= a iff atomic proposition aaa holds for q0q0q0
π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2 iff π |= ϕ1π |= ϕ1π |= ϕ1 or π |= ϕ2π |= ϕ2π |= ϕ2
π |= ¬ϕπ |= ¬ϕπ |= ¬ϕ iff π �|= ϕπ �|= ϕπ �|= ϕ
π |=©ϕπ |=©ϕπ |=©ϕ iff suffix(π, 1) |= ϕsuffix(π, 1) |= ϕsuffix(π, 1) |= ϕ
π |= ϕ1 Uα ϕ2π |= ϕ1 Uα ϕ2π |= ϕ1 Uα ϕ2 iff there exists a finite prefix σσσ of πππwith stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) and . . .. . .. . .���
if |σ| = n|σ| = n|σ| = n then stream(σ) = c1 c2 . . . cnstream(σ) = c1 c2 . . . cnstream(σ) = c1 c2 . . . cn
190 / 338
![Page 191: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/191.jpg)
Semantics of LTLIOLTLIOLTLIO formulas 560
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
π |= trueπ |= trueπ |= true
π |= aπ |= aπ |= a iff atomic proposition aaa holds for q0q0q0
π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2π |= ϕ1 ∨ ϕ2 iff π |= ϕ1π |= ϕ1π |= ϕ1 or π |= ϕ2π |= ϕ2π |= ϕ2
π |= ¬ϕπ |= ¬ϕπ |= ¬ϕ iff π �|= ϕπ �|= ϕπ �|= ϕ
π |=©ϕπ |=©ϕπ |=©ϕ iff suffix(π, 1) |= ϕsuffix(π, 1) |= ϕsuffix(π, 1) |= ϕ
π |= ϕ1 Uα ϕ2π |= ϕ1 Uα ϕ2π |= ϕ1 Uα ϕ2 iff there exists a finite prefix σσσ of πππwith stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) and
suffix(π, |σ|)suffix(π, |σ|)suffix(π, |σ|) |=|=|= ϕ2ϕ2ϕ2 and
suffix(π, i)suffix(π, i)suffix(π, i) |=|=|= ϕ1ϕ1ϕ1 for 0 � i < |σ|0 � i < |σ|0 � i < |σ|191 / 338
![Page 192: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/192.jpg)
Semantics of derived LTLIOLTLIOLTLIO operators 570
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
...
...
...π |= ♦ϕπ |= ♦ϕπ |= ♦ϕ iff suffix(π, i) |= ϕsuffix(π, i) |= ϕsuffix(π, i) |= ϕ for some i � 0i � 0i � 0
“eventually ϕϕϕ”
192 / 338
![Page 193: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/193.jpg)
Semantics of derived LTLIOLTLIOLTLIO operators 570
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
...
...
...π |= ♦ϕπ |= ♦ϕπ |= ♦ϕ iff suffix(π, i) |= ϕsuffix(π, i) |= ϕsuffix(π, i) |= ϕ for some i � 0i � 0i � 0
π |= �ϕπ |= �ϕπ |= �ϕ iff suffix(π, i) |= ϕsuffix(π, i) |= ϕsuffix(π, i) |= ϕ for all i � 0i � 0i � 0
“always ϕϕϕ”
193 / 338
![Page 194: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/194.jpg)
Semantics of derived LTLIOLTLIOLTLIO operators 570
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
...
...
...π |= ♦ϕπ |= ♦ϕπ |= ♦ϕ iff suffix(π, i) |= ϕsuffix(π, i) |= ϕsuffix(π, i) |= ϕ for some i � 0i � 0i � 0
π |= �ϕπ |= �ϕπ |= �ϕ iff suffix(π, i) |= ϕsuffix(π, i) |= ϕsuffix(π, i) |= ϕ for all i � 0i � 0i � 0
π |= 〈〈α〉〉ϕπ |= 〈〈α〉〉ϕπ |= 〈〈α〉〉ϕ iff there exists a finite prefix σσσ of πππ s.t.stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) andsuffix(π, |σ|) |= ϕsuffix(π, |σ|) |= ϕsuffix(π, |σ|) |= ϕ
〈〈α〉〉ϕ def= true Uα ϕ〈〈α〉〉ϕ def= true Uα ϕ〈〈α〉〉ϕ def= true Uα ϕ
194 / 338
![Page 195: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/195.jpg)
Semantics of derived LTLIOLTLIOLTLIO operators 570
given an execution π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . .π = q0c1−→ q1
c2−→ . . . in a CA:
...
...
...π |= ♦ϕπ |= ♦ϕπ |= ♦ϕ iff suffix(π, i) |= ϕsuffix(π, i) |= ϕsuffix(π, i) |= ϕ for some i � 0i � 0i � 0
π |= �ϕπ |= �ϕπ |= �ϕ iff suffix(π, i) |= ϕsuffix(π, i) |= ϕsuffix(π, i) |= ϕ for all i � 0i � 0i � 0
π |= 〈〈α〉〉ϕπ |= 〈〈α〉〉ϕπ |= 〈〈α〉〉ϕ iff there exists a finite prefix σσσ of πππ s.t.stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) andsuffix(π, |σ|) |= ϕsuffix(π, |σ|) |= ϕsuffix(π, |σ|) |= ϕ
π |= [|α |]ϕπ |= [|α |]ϕπ |= [|α |]ϕ iff for all finite prefixes σσσ of πππ we have:
if stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) thensuffix(π, |σ|) |= ϕsuffix(π, |σ|) |= ϕsuffix(π, |σ|) |= ϕ
195 / 338
![Page 196: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/196.jpg)
LTLIOLTLIOLTLIO model checking 580
given: finite constraint automaton AAALTLIO formula ϕϕϕ
question: does A |= ϕA |= ϕA |= ϕ hold ?
196/338
![Page 197: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/197.jpg)
LTLIOLTLIOLTLIO model checking 580
given: finite constraint automaton AAALTLIO formula ϕϕϕ
question: does A |= ϕA |= ϕA |= ϕ hold ?���A |= ϕA |= ϕA |= ϕ iff for all executions πππ in AAA we have: π |= ϕπ |= ϕπ |= ϕ
197 / 338
![Page 198: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/198.jpg)
LTLIOLTLIOLTLIO model checking 580
given: finite constraint automaton AAALTLIO formula ϕϕϕ
question: does A |= ϕA |= ϕA |= ϕ hold ?���A |= ϕA |= ϕA |= ϕ iff for all executions πππ in AAA we have: π |= ϕπ |= ϕπ |= ϕ
iff there is no execution πππ of AAAsuch that π |= ¬ϕπ |= ¬ϕπ |= ¬ϕ
198 / 338
![Page 199: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/199.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
199 / 338
![Page 200: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/200.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
200 / 338
![Page 201: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/201.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
NBA like non-deterministic finite automaton (NFA)with set of accepting states FFF
run q0 q1 q2 . . .q0 q1 q2 . . .q0 q1 q2 . . . for an infinite input string c1 c2 c3 . . .c1 c2 c3 . . .c1 c2 c3 . . .is accepting iff qi ∈ Fqi ∈ Fqi ∈ F for infinitely many i � 0i � 0i � 0
201 / 338
![Page 202: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/202.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
analysis of the product-CA A× BA× BA× B
202 / 338
![Page 203: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/203.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
analysis of the product-CA A× BA× BA× B“search for accepting execution πππ”
203 / 338
![Page 204: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/204.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
analysis of the product-CA A× BA× BA× B“search for accepting execution πππ”
yes, A |= ϕA |= ϕA |= ϕ
¬∃π¬∃π¬∃π
204 / 338
![Page 205: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/205.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
analysis of the product-CA A× BA× BA× B“search for accepting execution πππ”
yes, A |= ϕA |= ϕA |= ϕ
¬∃π¬∃π¬∃π
no, A �|= ϕA �|= ϕA �|= ϕ
πππ is counterexample
∃π∃π∃π
205 / 338
![Page 206: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/206.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
analysis of the product-CA A× BA× BA× B“search for accepting execution πππ”
yes, A |= ϕA |= ϕA |= ϕ
¬∃π¬∃π¬∃π
no, A �|= ϕA �|= ϕA �|= ϕ
πππ is counterexample
∃π∃π∃π
exp(|ϕ|)exp(|ϕ|)exp(|ϕ|)
206 / 338
![Page 207: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/207.jpg)
constraintautomaton AAA LTLIO formula ϕϕϕ
nondeterministic Buchiautomaton BBB for ¬ϕ¬ϕ¬ϕ
analysis of the product-CA A× BA× BA× B“search for accepting execution πππ”
yes, A |= ϕA |= ϕA |= ϕ
¬∃π¬∃π¬∃π
no, A �|= ϕA �|= ϕA �|= ϕ
πππ is counterexample
∃π∃π∃π
exp(|ϕ|)exp(|ϕ|)exp(|ϕ|)
O(|A| · |B|)O(|A| · |B|)O(|A| · |B|)nested DFS
207 / 338
![Page 208: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/208.jpg)
Example: elevator system 590
UpUpUp
DownDownDown
LevelLevelLevel
UpUpUp
DownDownDown
LevelLevelLevel
FromFromFrom
ToToTo
FromFromFrom
ToToTo
LevelLevelLevel LevelLevelLevel
“elevator does not move unless UpUpUp or DownDownDown”
208 / 338
![Page 209: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/209.jpg)
Example: elevator system 590
UpUpUp
DownDownDown
LevelLevelLevel
UpUpUp
DownDownDown
LevelLevelLevel
FromFromFrom
ToToTo
FromFromFrom
ToToTo
LevelLevelLevel LevelLevelLevel
“elevator does not move unless UpUpUp or DownDownDown”
∧1�i�k
(�(
∧1�i�k
(�(
∧1�i�k
(�( “elevator at iii” −→−→−→
[|(¬Up ∧ ¬Down)∗|][|(¬Up ∧ ¬Down)∗|][|(¬Up ∧ ¬Down)∗|] “elevator at iii” ))
))
))
209 / 338
![Page 210: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/210.jpg)
Example: elevator system 595
UpUpUp UpUpUp
DownDownDown DownDownDown
LevelLevelLevel LevelLevelLevel
FromFromFrom FromFromFrom
ToToTo ToToTo
“each request is eventually served”
210 / 338
![Page 211: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/211.jpg)
Example: elevator system 595
UpUpUp UpUpUp
DownDownDown DownDownDown
LevelLevelLevel LevelLevelLevel
FromFromFrom FromFromFrom
ToToTo ToToTo
“each request is eventually served”∧1�i�k1�j�k
(�
(〈〈From ∧ To ∧ dFrom=i ∧ dTo=j〉〉true −→∧1�i�k1�j�k
(�
(〈〈From ∧ To ∧ dFrom=i ∧ dTo=j〉〉true −→∧1�i�k1�j�k
(�
(〈〈From ∧ To ∧ dFrom=i ∧ dTo=j〉〉true −→♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))
))))))211 / 338
![Page 212: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/212.jpg)
Refined request component 610
UpUpUp UpUpUp
DownDownDown DownDownDown
LevelLevelLevel LevelLevelLevel
FromFromFrom FromFromFrom
ToToTo ToToTo
consider a refined version of the request component:
• one component for the users at each level
• port signature of user at level iii :output port ReqiReqiReqi , input port FromiFromiFromi
212 / 338
![Page 213: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/213.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
213 / 338
![Page 214: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/214.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
CA for UseriUseriUseri at level iii :
q0q0q0{Fromi}{Fromi}{Fromi},dFromi
= idFromi= idFromi= i
{Reqi}{Reqi}{Reqi},dReqi
�= idReqi�= idReqi�= i
nondeterministic choice of target level214 / 338
![Page 215: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/215.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
215 / 338
![Page 216: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/216.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
216 / 338
![Page 217: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/217.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
217 / 338
![Page 218: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/218.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
218 / 338
![Page 219: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/219.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
219 / 338
![Page 220: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/220.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
nondeterministic merge at node ToToTo between theuser-requests submitted via nodes To1,To2, . . . ,TokTo1,To2, . . . ,TokTo1,To2, . . . ,Tok
220 / 338
![Page 221: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/221.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
nondeterministic merge at node ToToTo between theuser-requests submitted via nodes To1,To2, . . . ,TokTo1,To2, . . . ,TokTo1,To2, . . . ,Tok
221 / 338
![Page 222: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/222.jpg)
Refined request component 610
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
nondeterministic merge at node ToToTo between theuser-requests submitted via nodes To1,To2, . . . ,TokTo1,To2, . . . ,TokTo1,To2, . . . ,Tok
222 / 338
![Page 223: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/223.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?223/338
![Page 224: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/224.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?224/338
![Page 225: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/225.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?225/338
![Page 226: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/226.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?226/338
![Page 227: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/227.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?227/338
![Page 228: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/228.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?228/338
![Page 229: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/229.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?229/338
![Page 230: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/230.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?230/338
![Page 231: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/231.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?231/338
![Page 232: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/232.jpg)
Each user will be served ? 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))))))))
?232/338
![Page 233: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/233.jpg)
Each user will be served ? ... no 620
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
unfair merge at node ToToTo is possible
233 / 338
![Page 234: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/234.jpg)
Fairness 630
Liveness properties often cannot beestablished for nondeterministic system models,although they are expected to hold.
Nondeterministic system models can containunrealistic behavior, e.g.,
a certain process is never scheduled
a request is ignored forever
234 / 338
![Page 235: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/235.jpg)
Fairness 630
Liveness properties often cannot beestablished for nondeterministic system models,although they are expected to hold.
Nondeterministic system models can containunrealistic behavior, e.g.,
a certain process is never scheduled
a request is ignored forever
specify appropriate fairness assumptions,consider only fair executions for the analysis,
and ignore the unfair ones
235 / 338
![Page 236: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/236.jpg)
Process fairness 635
unconditional fairness:
�♦ engaged(P)�♦ engaged(P)�♦ engaged(P)
weak fairness:
♦� enabled(P) −→ �♦engaged(P)♦� enabled(P) −→ �♦engaged(P)♦� enabled(P) −→ �♦engaged(P)
strong fairness:
�♦ enabled(P) −→ �♦engaged(P)�♦ enabled(P) −→ �♦engaged(P)�♦ enabled(P) −→ �♦engaged(P)
engaged(P)engaged(P)engaged(P) === process PPP is scheduled
enabled(P)enabled(P)enabled(P) === process PPP can be scheduled
236 / 338
![Page 237: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/237.jpg)
Node fairness in Reo networks and CA 636
unconditional fairness:
�♦ engaged(A)�♦ engaged(A)�♦ engaged(A)
weak fairness:
♦� enabled(A) −→ �♦engaged(A)♦� enabled(A) −→ �♦engaged(A)♦� enabled(A) −→ �♦engaged(A)
strong fairness:
�♦ enabled(A) −→ �♦engaged(A)�♦ enabled(A) −→ �♦engaged(A)�♦ enabled(A) −→ �♦engaged(A)
engaged(A)engaged(A)engaged(A) === 〈〈A〉〉true〈〈A〉〉true〈〈A〉〉true
enabled(A)enabled(A)enabled(A) iff there exists a transition of thecurrent state where AAA is involved
237 / 338
![Page 238: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/238.jpg)
Again: elevator request component 650
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
238 / 338
![Page 239: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/239.jpg)
Again: elevator request component 650
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
suppose that node ToToTo resolves its choices fairly:
ψ =∧
1�i�k
(�♦ψ =
∧1�i�k
(�♦ψ =
∧1�i�k
(�♦ enabled(Toi)enabled(Toi)enabled(Toi) −→ �♦〈〈Toi〉〉true
)−→ �♦〈〈Toi〉〉true
)−→ �♦〈〈Toi〉〉true
)
strong fairness for the nodes To1, . . . ,TokTo1, . . . ,TokTo1, . . . ,Tok239 / 338
![Page 240: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/240.jpg)
Again: elevator request component 650
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
suppose that node ToToTo resolves its choices fairly:
ψ =∧
1�i�k
(�♦ψ =
∧1�i�k
(�♦ψ =
∧1�i�k
(�♦ enabled(Toi)enabled(Toi)enabled(Toi) −→ �♦〈〈Toi〉〉true
)−→ �♦〈〈Toi〉〉true
)−→ �♦〈〈Toi〉〉true
)���
“there exists a transition where ToiToiToi is active”240 / 338
![Page 241: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/241.jpg)
Again: elevator request component 650
User1User1User1
ToToTo
To1To1To1Req1Req1Req1
FromFromFrom
From1From1From1
...
...
...
TokTokTok
...
...
...
ReqkReqkReqk
UserkUserkUserk
FromkFromkFromk
∧1�i�k1�j�k
(�
(〈〈 Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈 Reqi ∧ dReqi=j 〉〉true −→∧
1�i�k1�j�k
(�
(〈〈 Reqi ∧ dReqi=j 〉〉true −→
♦(♦(♦( “elevator at iii” ∧ ♦∧ ♦∧ ♦ “elevator at jjj” )))
)))
)))
holds under fairness assumption ψψψ241 / 338
![Page 242: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/242.jpg)
Model checking with fairness 640
given: constraint automaton AAALTLIO formula ϕϕϕfairness assumptions ψ =
∧i
ψiψ =∧i
ψiψ =∧i
ψi
question: does A |= ϕA |= ϕA |= ϕ hold under fairness assumption ψψψ ?
242/338
![Page 243: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/243.jpg)
Model checking with fairness 640
given: constraint automaton AAALTLIO formula ϕϕϕfairness assumptions ψ =
∧i
ψiψ =∧i
ψiψ =∧i
ψi
question: does A |= ϕA |= ϕA |= ϕ hold under fairness assumption ψψψ ?
i.e., for all executions πππ of AAA:
if π |= ψπ |= ψπ |= ψ then π |= ϕπ |= ϕπ |= ϕ
243 / 338
![Page 244: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/244.jpg)
Model checking with fairness 640
given: constraint automaton AAALTLIO formula ϕϕϕfairness assumptions ψ =
∧i
ψiψ =∧i
ψiψ =∧i
ψi
question: does A |= ϕA |= ϕA |= ϕ hold under fairness assumption ψψψ ?
i.e., for all executions πππ of AAA:
if π |= ψπ |= ψπ |= ψ then π |= ϕπ |= ϕπ |= ϕ ←−←−←− π |= (ψ → ϕ)π |= (ψ → ϕ)π |= (ψ → ϕ)
244 / 338
![Page 245: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/245.jpg)
Model checking with fairness 640
given: constraint automaton AAALTLIO formula ϕϕϕfairness assumptions ψ =
∧i
ψiψ =∧i
ψiψ =∧i
ψi
question: does A |= ϕA |= ϕA |= ϕ hold under fairness assumption ψψψ ?
i.e., for all executions πππ of AAA:
if π |= ψπ |= ψπ |= ψ then π |= ϕπ |= ϕπ |= ϕ ←−←−←− π |= (ψ → ϕ)π |= (ψ → ϕ)π |= (ψ → ϕ)
method: use standard LTLIO model checkerfor the formula ψ → ϕψ → ϕψ → ϕ
(or adapt the model checking procedure)
245 / 338
![Page 246: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/246.jpg)
Overview ver
1 Modelling components and connectors
constraint automata (CA)coordination language Reo
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic ←−←−←−
3 Synthesis of connectors
246 / 338
![Page 247: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/247.jpg)
Alternating-time stream logic (ASL) 710
branching-time logic that combines features of
• computation tree logic (CTL) [Clarke,Emerson ’81]
∗∗∗ temporal operators (safety, liveness)
• modal logic (dynamic logic PDL)∗∗∗ regular expressions for specifying
data streams and their effect
247 / 338
![Page 248: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/248.jpg)
Alternating-time stream logic (ASL) 710
branching-time logic that combines features of
• computation tree logic (CTL) [Clarke,Emerson ’81]
∗∗∗ temporal operators (safety, liveness)
• modal logic (dynamic logic PDL)∗∗∗ regular expressions for specifying
data streams and their effect
• alternating-time temporal logic [Alur,Henz.,Kupfer.’97]
∗∗∗ CA as multi-player games
∗∗∗ reasoning about strategies of components andcooperation facilities of coalitions of components
248 / 338
![Page 249: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/249.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ . . .. . .. . .
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .Φ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .Φ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .���
atomicproposition
249 / 338
![Page 250: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/250.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ . . .. . .. . .
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .Φ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .Φ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .��� ���
atomicproposition
existentialpath quantifier
250 / 338
![Page 251: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/251.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ . . .. . .. . .
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .Φ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .Φ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ . . .
ASL path formulas: as in CTL + . . .+ . . .+ . . .
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .
251 / 338
![Page 252: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/252.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ ATL-like quantifiers
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕΦ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕΦ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
ASL path formulas: as in CTL + . . .+ . . .+ . . .
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .∃ϕ∃ϕ∃ϕ “there exists an execution where ϕϕϕ holds”
ECϕECϕECϕ “coalition CCC can enforce that ϕϕϕ holds”
no matter how the opponents behave
252 / 338
![Page 253: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/253.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ ATL-like quantifiers
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕΦ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕΦ ::= true
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
ASL path formulas: as in CTL + . . .+ . . .+ . . .
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .∃ϕ∃ϕ∃ϕ “there exists an execution where ϕϕϕ holds”
ECϕECϕECϕ “coalition CCC can enforce that ϕϕϕ holds”
no matter how the opponents behave
where CCC is a coalition, i.e., set of I/O-ports
253 / 338
![Page 254: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/254.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ ATL-like quantifiers
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕ
ASL path formulas: as in CTL + . . .+ . . .+ . . .
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .∃ϕ∃ϕ∃ϕ “there exists an execution where ϕϕϕ holds”
ECϕECϕECϕ “coalition CCC can enforce that ϕϕϕ holds”
ACϕACϕACϕ “coalition CCC cannot avoid that ϕϕϕ holds”
where CCC is a coalition, i.e., set of I/O-ports
254 / 338
![Page 255: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/255.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ ATL-like quantifiers
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕ
ASL path formulas: as in CTL + . . .+ . . .+ . . .
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .∃ϕ∃ϕ∃ϕ “there exists an execution where ϕϕϕ holds”
ECϕECϕECϕ “coalition CCC can enforce that ϕϕϕ holds”
ACϕACϕACϕ “coalition CCC cannot avoid that ϕϕϕ holds”
derived: e.g., AC♦ΦAC♦ΦAC♦Φ === ¬EC�¬Φ¬EC�¬Φ¬EC�¬Φ
255 / 338
![Page 256: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/256.jpg)
Syntax of ASL 720
ASL state formulas: as in CTL +++ ATL-like quantifiers
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕ
ASL path formulas: as in CTL + . . .+ . . .+ . . .
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ . . .ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ . . .∃ϕ∃ϕ∃ϕ “there exists an execution where ϕϕϕ holds”
ECϕECϕECϕ “coalition CCC can enforce that ϕϕϕ holds”
ACϕACϕACϕ “coalition CCC cannot avoid that ϕϕϕ holds”
derived: e.g., AC♦ΦAC♦ΦAC♦Φ === ¬EC�¬Φ¬EC�¬Φ¬EC�¬Φ , ∃ϕ = A∅ϕ∃ϕ = A∅ϕ∃ϕ = A∅ϕ
��
����
����
����
����
����
����
����
����
����
����
����
����
����
����
����
����
����
��
256 / 338
![Page 257: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/257.jpg)
ASL path formulas 730
ASL state formulas: as in CTL +++ ATL-like quantifiers
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕ
ASL path formulas: as in CTL +++ PDL-like expressions
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φ
where ααα is again a regular expression that specifiesa set of finite data streams (as in LTLIOLTLIOLTLIO)
257 / 338
![Page 258: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/258.jpg)
ASL path formulas 730
ASL state formulas: as in CTL +++ ATL-like quantifiers
Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕΦ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ ∣∣ ECϕ
∣∣ ACϕ
ASL path formulas: as in CTL +++ PDL-like expressions
ϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φ
where ααα is again a regular expression that specifiesa set of finite data streams (as in LTLIOLTLIOLTLIO)
〈〈α〉〉Φ〈〈α〉〉Φ〈〈α〉〉Φ “there is a ααα-prefix that ends in a ΦΦΦ-state”
[|α |]Φ[|α |]Φ[|α |]Φ “all ααα-prefixes end in a ΦΦΦ-state”258 / 338
![Page 259: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/259.jpg)
Semantics of ASL 740
259 / 338
![Page 260: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/260.jpg)
Semantics of ASL path formulas 740
ASL path formulas:
ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φgiven an execution π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . . of a CA:
260 / 338
![Page 261: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/261.jpg)
Semantics of ASL path formulas 740
ASL path formulas:
ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φgiven an execution π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . . of a CA:
π |=©Φπ |=©Φπ |=©Φ iff q1 |= Φq1 |= Φq1 |= Φ
π |= Φ1 UΦ2π |= Φ1 U Φ2π |= Φ1 UΦ2 iff there exists i � 0i � 0i � 0 s.t. qi |= Φ2qi |= Φ2qi |= Φ2 andqj |= Φ1qj |= Φ1qj |= Φ1 for all 0 � j < i0 � j < i0 � j < i
261 / 338
![Page 262: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/262.jpg)
Semantics of ASL path formulas 740
ASL path formulas:
ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φgiven an execution π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . . of a CA:
π |=©Φπ |=©Φπ |=©Φ iff q1 |= Φq1 |= Φq1 |= Φ
π |= Φ1 UΦ2π |= Φ1 U Φ2π |= Φ1 UΦ2 iff there exists i � 0i � 0i � 0 s.t. qi |= Φ2qi |= Φ2qi |= Φ2 andqj |= Φ1qj |= Φ1qj |= Φ1 for all 0 � j < i0 � j < i0 � j < i
π |= 〈〈α〉〉Φπ |= 〈〈α〉〉Φπ |= 〈〈α〉〉Φ iff there exists a finite prefix σσσ of πππ s.t.stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) and last(σ) |= Φlast(σ) |= Φlast(σ) |= Φ
262 / 338
![Page 263: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/263.jpg)
Semantics of ASL path formulas 740
ASL path formulas:
ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φgiven an execution π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . . of a CA:
π |=©Φπ |=©Φπ |=©Φ iff q1 |= Φq1 |= Φq1 |= Φ
π |= Φ1 UΦ2π |= Φ1 U Φ2π |= Φ1 UΦ2 iff there exists i � 0i � 0i � 0 s.t. qi |= Φ2qi |= Φ2qi |= Φ2 andqj |= Φ1qj |= Φ1qj |= Φ1 for all 0 � j < i0 � j < i0 � j < i
π |= 〈〈α〉〉Φπ |= 〈〈α〉〉Φπ |= 〈〈α〉〉Φ iff there exists a finite prefix σσσ of πππ s.t.stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) and last(σ) |= Φlast(σ) |= Φlast(σ) |= Φ
π |= [|α |]Φπ |= [|α |]Φπ |= [|α |]Φ iff for all finite prefixes σσσ of πππ:stream(σ) ∈ L(α)stream(σ) ∈ L(α)stream(σ) ∈ L(α) implies last(σ) |= Φlast(σ) |= Φlast(σ) |= Φ
263 / 338
![Page 264: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/264.jpg)
Semantics of ASL path formulas 741
ASL path formulas:
ϕ ::=©Φ∣∣ Φ1 UΦ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φϕ ::=©Φ∣∣ Φ1 U Φ2
∣∣ 〈〈α〉〉Φ ∣∣ [|α |]Φgiven an execution π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . .π = q0
c1−→ q1c2−→ . . . of a CA:
π |=©Φπ |=©Φπ |=©Φ iff q1 |= Φq1 |= Φq1 |= Φ
π |= Φ1 UΦ2π |= Φ1 U Φ2π |= Φ1 UΦ2 iff there exists i � 0i � 0i � 0 s.t. qi |= Φ2qi |= Φ2qi |= Φ2 andqj |= Φ1qj |= Φ1qj |= Φ1 for all 0 � j < i0 � j < i0 � j < i
π |= 〈〈α〉〉Φπ |= 〈〈α〉〉Φπ |= 〈〈α〉〉Φ iff there exists i � 0i � 0i � 0 s.t.c1 c2 . . . ci ∈ L(α)c1 c2 . . . ci ∈ L(α)c1 c2 . . . ci ∈ L(α) and qi |= Φqi |= Φqi |= Φ
π |= [|α |]Φπ |= [|α |]Φπ |= [|α |]Φ iff for all i � 0i � 0i � 0 we have:c1 c2 . . . ci ∈ L(α)c1 c2 . . . ci ∈ L(α)c1 c2 . . . ci ∈ L(α) implies qi |= Φqi |= Φqi |= Φ
264 / 338
![Page 265: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/265.jpg)
Semantics of ASL state formulas 745
ASL state formulas:
Φ ::=Φ ::=Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ︸ ︷︷ ︸
as in CTL
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
265 / 338
![Page 266: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/266.jpg)
Semantics of ASL state formulas 745
ASL state formulas:
Φ ::=Φ ::=Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ︸ ︷︷ ︸
as in CTL
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
for state qqq of a CA:
q |= trueq |= trueq |= true
q |= aq |= aq |= a iff “aaa holds in state qqq”
q |= Φ1 ∧ Φ2q |= Φ1 ∧ Φ2q |= Φ1 ∧ Φ2 iff q |= Φ1q |= Φ1q |= Φ1 and q |= Φ2q |= Φ2q |= Φ2
q |= ¬Φq |= ¬Φq |= ¬Φ iff q �|= Φq �|= Φq �|= Φ
q |= ∃ϕq |= ∃ϕq |= ∃ϕ iff there is an execution πππ startingin qqq such that π |= ϕπ |= ϕπ |= ϕ
266 / 338
![Page 267: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/267.jpg)
Semantics of ASL state formulas 745
ASL state formulas:
Φ ::=Φ ::=Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ︸ ︷︷ ︸
as in CTL
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
for state qqq of a CA:
q |= EC ϕq |= EC ϕq |= EC ϕ iff “coalition CCC can enforce that ϕϕϕ holds”
q |= AC ϕq |= AC ϕq |= AC ϕ iff “coalition CCC cannot avoid that ϕϕϕ holds”267 / 338
![Page 268: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/268.jpg)
Semantics of ASL state formulas 745
ASL state formulas:
Φ ::=Φ ::=Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ︸ ︷︷ ︸
as in CTL
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
for state qqq of a CA:
q |= EC ϕq |= EC ϕq |= EC ϕ iff there exists a strategy SSS for theports A ∈ CA ∈ CA ∈ C s.t. for all SSS-executions πππstarting in qqq: π |= ϕπ |= ϕπ |= ϕ���
q |= EC ϕq |= EC ϕq |= EC ϕ iff “coalition CCC can enforce that ϕϕϕ holds”
q |= AC ϕq |= AC ϕq |= AC ϕ iff “coalition CCC cannot avoid that ϕϕϕ holds”268 / 338
![Page 269: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/269.jpg)
Semantics of ASL state formulas 745
ASL state formulas:
Φ ::=Φ ::=Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ︸ ︷︷ ︸
as in CTL
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
for state qqq of a CA:
q |= EC ϕq |= EC ϕq |= EC ϕ iff there exists a strategy SSS for theports A ∈ CA ∈ CA ∈ C s.t. for all SSS-executions πππstarting in qqq: π |= ϕπ |= ϕπ |= ϕ
strategy SSS assigns to each finite execution σσσ a set ofconcurrent I/O-operations that contains all concurrent
I/O-operations where no port in CCC is involved269 / 338
![Page 270: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/270.jpg)
Semantics of ASL state formulas 746
ASL state formulas:
Φ ::=Φ ::=Φ ::= true∣∣ a
∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕtrue
∣∣ a∣∣ Φ1 ∧ Φ2
∣∣ ¬Φ∣∣ ∃ϕ︸ ︷︷ ︸
as in CTL
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
∣∣ EC ϕ∣∣ AC ϕ
for state qqq of a CA:
q |= EC ϕq |= EC ϕq |= EC ϕ iff there exists a strategy SSS for theports A ∈ CA ∈ CA ∈ C s.t. for all SSS-executions πππstarting in qqq: π |= ϕπ |= ϕπ |= ϕ
q |= AC ϕq |= AC ϕq |= AC ϕ iff for all strategies SSS for the ports A ∈ CA ∈ CA ∈ C
there exists an SSS-execution πππstarting in qqq such that π |= ϕπ |= ϕπ |= ϕ
270 / 338
![Page 271: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/271.jpg)
ASL model checking 750
given: finite constraint automaton AAAASL state formula ΦΦΦ
question: does A |= ΦA |= ΦA |= Φ hold ?
271/338
![Page 272: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/272.jpg)
ASL model checking 750
given: finite constraint automaton AAAASL state formula ΦΦΦ
question: does A |= ΦA |= ΦA |= Φ hold ?
algorithm: compute recursively the satisfaction sets
Sat(Ψ) ={
Sat(Ψ) ={
Sat(Ψ) ={
qqq state in AAA : q |= Ψq |= Ψq |= Ψ}}}
for all state subformulas ΨΨΨ of ΦΦΦ
272 / 338
![Page 273: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/273.jpg)
ASL model checking 750
given: finite constraint automaton AAAASL state formula ΦΦΦ
question: does A |= ΦA |= ΦA |= Φ hold ?
algorithm: compute recursively the satisfaction sets
Sat(Ψ) ={
Sat(Ψ) ={
Sat(Ψ) ={
qqq state in AAA : q |= Ψq |= Ψq |= Ψ}}}
for all state subformulas ΨΨΨ of ΦΦΦ
• treatment of EC♦ΨEC ♦ΨEC ♦Ψ, or EC�ΨEC�ΨEC�Ψ:iterative fixed point computation
• treatment of EC〈〈α〉〉ΨEC〈〈α〉〉ΨEC〈〈α〉〉Ψ or EC[|α |]ΨEC[|α |]ΨEC[|α |]Ψ:via reduction to EC ♦EC ♦EC♦ and or EC�EC�EC�, respectively
273 / 338
![Page 274: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/274.jpg)
Computation of Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ) 760
finite constraintautomaton AAA
ASL state formulaEC〈〈α〉〉ΨEC〈〈α〉〉ΨEC〈〈α〉〉Ψ
274 / 338
![Page 275: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/275.jpg)
Computation of Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ) 760
finite constraintautomaton AAA
ASL state formulaEC〈〈α〉〉ΨEC〈〈α〉〉ΨEC〈〈α〉〉Ψ
DFAMMM for ααα
275 / 338
![Page 276: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/276.jpg)
Computation of Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ) 760
finite constraintautomaton AAA
ASL state formulaEC〈〈α〉〉ΨEC〈〈α〉〉ΨEC〈〈α〉〉Ψ
DFAMMM for ααα
construct the product-CA A ��MA ��MA ��M
276 / 338
![Page 277: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/277.jpg)
Computation of Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ)Sat(EC〈〈α〉〉Ψ) 760
finite constraintautomaton AAA
ASL state formulaEC〈〈α〉〉ΨEC〈〈α〉〉ΨEC〈〈α〉〉Ψ
DFAMMM for ααα
construct the product-CA A ��MA ��MA ��Mcompute the set of states qqq in AAA s.t.〈q, init〉 |= EC ♦(Ψ ∧ final)〈q, init〉 |= EC ♦(Ψ ∧ final)〈q, init〉 |= EC ♦(Ψ ∧ final)
277 / 338
![Page 278: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/278.jpg)
Computation of Sat(EC[|α |]Ψ)Sat(EC[|α |]Ψ)Sat(EC[|α |]Ψ) 765
finite constraintautomaton AAA
ASL state formulaEC[|α |]ΨEC[|α |]ΨEC[|α |]Ψ
DFAMMM for ααα
construct the product-CA A ��MA ��MA ��Mcompute the set of states qqq in AAA s.t.〈q, init〉 |= EC�(final → Ψ)〈q, init〉 |= EC�(final → Ψ)〈q, init〉 |= EC�(final → Ψ)
278 / 338
![Page 279: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/279.jpg)
Complexity of ASL model checking 770
given: finite constraint automaton AAAASL state formula ΦΦΦ
question: does A |= ΦA |= ΦA |= Φ hold ?
complexity of the sketched algorithm:
O(size(A) · exp(k) · |Φ|)O(size(A) · exp(k) · |Φ|)O(size(A) · exp(k) · |Φ|)
where k =k =k = maximal length |α||α||α| of a stream expressionthat appears in ΦΦΦ
279 / 338
![Page 280: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/280.jpg)
Complexity of ASL model checking 770
given: finite constraint automaton AAAASL state formula ΦΦΦ
question: does A |= ΦA |= ΦA |= Φ hold ?
complexity of the sketched algorithm:
O(size(A) · exp(k) · |Φ|)O(size(A) · exp(k) · |Φ|)O(size(A) · exp(k) · |Φ|)
where k =k =k = maximal length |α||α||α| of a stream expressionthat appears in ΦΦΦ ���
exponential blow-up possible as DFA forpath subformulas 〈〈α〉〉Ψ〈〈α〉〉Ψ〈〈α〉〉Ψ or [|α |]Ψ[|α |]Ψ[|α |]Ψ are required
280 / 338
![Page 281: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/281.jpg)
Better complexity for fragments of ASL 775
281 / 338
![Page 282: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/282.jpg)
Better complexity for fragments of ASL 775
complexity of model checking for formulas of
• the ATL-fragment of ASL (without 〈〈α〉〉〈〈α〉〉〈〈α〉〉, [|α |][|α |][|α |]):O(
size(A) · |Φ|)O(size(A) · |Φ|)O(size(A) · |Φ|) ←−←−←− as for standard ATL
282 / 338
![Page 283: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/283.jpg)
Better complexity for fragments of ASL 775
complexity of model checking for formulas of
• the ATL-fragment of ASL (without 〈〈α〉〉〈〈α〉〉〈〈α〉〉, [|α |][|α |][|α |]):O(
size(A) · |Φ|)O(size(A) · |Φ|)O(size(A) · |Φ|) ←−←−←− as for standard ATL
• the fragment of ASL consisting of CTL +∃〈〈α〉〉+∃〈〈α〉〉+∃〈〈α〉〉:O(
size(A) · |Φ|)O(size(A) · |Φ|)O(size(A) · |Φ|) ←−←−←− NFA are sufficient
283 / 338
![Page 284: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/284.jpg)
Better complexity for fragments of ASL 775
complexity of model checking for formulas of
• the ATL-fragment of ASL (without 〈〈α〉〉〈〈α〉〉〈〈α〉〉, [|α |][|α |][|α |]):O(
size(A) · |Φ|)O(size(A) · |Φ|)O(size(A) · |Φ|) ←−←−←− as for standard ATL
• the fragment of ASL consisting of CTL +∃〈〈α〉〉+∃〈〈α〉〉+∃〈〈α〉〉:O(
size(A) · |Φ|)O(size(A) · |Φ|)O(size(A) · |Φ|) ←−←−←− NFA are sufficient
but: PSPACE-completeness of the model checkingproblem for ASL formulas of the form EC〈〈α〉〉aEC〈〈α〉〉aEC〈〈α〉〉awhere ααα is given by an NFA
284 / 338
![Page 285: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/285.jpg)
ASL and synthesis 779
285 / 338
![Page 286: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/286.jpg)
Cooperation of components 780
constraint automatonM = C1‖C2‖C3‖. . .‖Cn‖RM = C1‖C2‖C3‖. . .‖Cn‖RM = C1‖C2‖C3‖. . .‖Cn‖R
ASL model checker“doesM |= EC1,C2
ϕM |= EC1,C2 ϕM |= EC1,C2ϕ hold ?”
componentinterfaces
C1,C2,C3, ...,CnC1,C2,C3, ...,CnC1,C2,C3, ...,Cn
connectorReo network
no yes286 / 338
![Page 287: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/287.jpg)
Cooperation of components 780
can C1C1C1, C2C2C2 cooperateto ensure that thepath property ϕϕϕ
holds for all paths ?
constraint automatonM = C1‖C2‖C3‖. . .‖Cn‖RM = C1‖C2‖C3‖. . .‖Cn‖RM = C1‖C2‖C3‖. . .‖Cn‖R
ASL model checker“doesM |= EC1,C2
ϕM |= EC1,C2 ϕM |= EC1,C2ϕ hold ?”
componentinterfaces
C1,C2,C3, ...,CnC1,C2,C3, ...,CnC1,C2,C3, ...,Cn
connectorReo network
no yes287 / 338
![Page 288: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/288.jpg)
Synthesis of controller for C1C1C1 and C2C2C2 ? 780
can C1C1C1, C2C2C2 cooperateto ensure that thepath property ϕϕϕ
holds for all paths ?
constraint automatonM = C1‖C2‖C3‖. . .‖Cn‖RM = C1‖C2‖C3‖. . .‖Cn‖RM = C1‖C2‖C3‖. . .‖Cn‖R
ASL model checker“doesM |= EC1,C2
ϕM |= EC1,C2ϕM |= EC1,C2ϕ hold ?”
componentinterfaces
C1,C2,C3, ...,CnC1,C2,C3, ...,CnC1,C2,C3, ...,Cn
connectorReo network
no network for C1,C2C1,C2C1,C2
?
288/338
![Page 289: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/289.jpg)
Compatibility checking 830
compatibility[deAlfaro/Henzinger’03]
can C1, ...,CnC1, ...,CnC1, ...,Cn cooperatesuch that C1‖. . .‖CnC1‖. . .‖CnC1‖. . .‖Cn
is never blocked ?
constraint automatonM = C1‖C2‖C3‖. . .‖CnM = C1‖C2‖C3‖. . .‖CnM = C1‖C2‖C3‖. . .‖Cn
ASL model checkerASL model checker“M |= EC1,...,Cn
© trueM |= EC1,...,Cn © trueM |= EC1,...,Cn© true ?”
componentinterfaces
C1,C2,C3, ...,CnC1,C2,C3, ...,CnC1,C2,C3, ...,Cn
no yes289 / 338
![Page 290: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/290.jpg)
Compatibility checking 830
do the interfaces ofC1, ...,CnC1, ...,CnC1, ...,Cn meet each other
interface constraints ?
���ASL+++ path formulaϕ = ψ1 ∧ . . . ∧ ψnϕ = ψ1 ∧ . . . ∧ ψnϕ = ψ1 ∧ . . . ∧ ψn
constraint automatonM = C1‖C2‖C3‖. . .‖CnM = C1‖C2‖C3‖. . .‖CnM = C1‖C2‖C3‖. . .‖Cn
ASL model checker“M |= EC1,...Cn
ϕM |= EC1,...Cn ϕM |= EC1,...Cnϕ ?”
componentinterfaces
C1,C2,C3, ...,CnC1,C2,C3, ...,CnC1,C2,C3, ...,Cn
no yes290 / 338
![Page 291: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/291.jpg)
Compatibility checking 830
do the interfaces ofC1, ...,CnC1, ...,CnC1, ...,Cn meet each other
interface constraints ?
���ASL+++ path formulaϕ = ψ1 ∧ . . . ∧ ψnϕ = ψ1 ∧ . . . ∧ ψnϕ = ψ1 ∧ . . . ∧ ψn
constraint automatonM = C1‖C2‖C3‖. . .‖CnM = C1‖C2‖C3‖. . .‖CnM = C1‖C2‖C3‖. . .‖Cn
ASL model checker“M |= EC1,...Cn
ϕM |= EC1,...Cn ϕM |= EC1,...Cnϕ ?”
componentinterfaces
C1,C2,C3, ...,CnC1,C2,C3, ...,CnC1,C2,C3, ...,Cn
no yes +++ Reo network
?
291/338
![Page 292: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/292.jpg)
Generation of Reo network 820
constraintautomaton AAA
ASL stateformula EC ϕEC ϕEC ϕ
analyze the CA AAAagainst EC ϕEC ϕEC ϕ
292 / 338
![Page 293: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/293.jpg)
Generation of Reo network 820
constraintautomaton AAA
ASL stateformula EC ϕEC ϕEC ϕ
analyze the CA AAAagainst EC ϕEC ϕEC ϕ
generate sub-automaton BBB of AAAwhere ∀ϕ∀ϕ∀ϕ holds
293 / 338
![Page 294: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/294.jpg)
Generation of Reo network 820
constraintautomaton AAA
ASL stateformula EC ϕEC ϕEC ϕ
analyze the CA AAAagainst EC ϕEC ϕEC ϕ
generate sub-automaton BBB of AAAwhere ∀ϕ∀ϕ∀ϕ holds
derive a Reo network RRR that coordinates CCCfrom the automaton BBB
294 / 338
![Page 295: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/295.jpg)
Overview ver
1 Modelling components and connectors
constraint automata (CA)coordination language Reo
2 Model checking with CA
Linear Temporal LogicAlternating Stream Logic
3 Synthesis of connectors
295/ 338
![Page 296: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/296.jpg)
Reo and CA 790
Reo network RRR
constraintautomaton AAA
operationalsemantics
296 / 338
![Page 297: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/297.jpg)
Reo and CA 790
Reo network RRR
constraintautomaton AAA
operationalsemantics
synthesis
297 / 338
![Page 298: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/298.jpg)
From CA to Reo 790
Reo network RRR
constraintautomaton AAA
operationalsemantics
synthesis
For each finite CA AAA, a Reo network RRR of sizeO(
size(A))O(
size(A))O(
size(A))
can be constructed such that
AAA === operational semantics of RRR(up to some notion of behavorial equivalence)
298 / 338
![Page 299: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/299.jpg)
From CA to Reo 800
given: constraint automaton A = (Q,N ,−→, {q0})A = (Q,N ,−→, {q0})A = (Q,N ,−→, {q0})where N = Nin ∪ NoutN = Nin ∪NoutN = Nin ∪Nout (no internal ports)
task: synthesize an equivalent Reo network RRR
299 / 338
![Page 300: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/300.jpg)
From CA to Reo 800
given: constraint automaton A = (Q,N ,−→, {q0})A = (Q,N ,−→, {q0})A = (Q,N ,−→, {q0})where N = Nin ∪ NoutN = Nin ∪NoutN = Nin ∪Nout (no internal ports)
task: synthesize an equivalent Reo network RRR
idea: states ��� FIFO bufferstransitions ��� data flow in RRR
300 / 338
![Page 301: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/301.jpg)
From CA to Reo 800
given: constraint automaton A = (Q,N ,−→, {q0})A = (Q,N ,−→, {q0})A = (Q,N ,−→, {q0})where N = Nin ∪ NoutN = Nin ∪NoutN = Nin ∪Nout (no internal ports)
task: synthesize an equivalent Reo network RRR
idea: states ��� FIFO bufferstransitions ��� data flow in RRR
• current state qqq of AAA is represented by a token in theFIFO buffer for qqq
• firing a transition in AAA corresponds to passingthe token from one FIFO to another one
301 / 338
![Page 302: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/302.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
302 / 338
![Page 303: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/303.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
Reo network with one I/O-portfor each port in NNN
303 / 338
![Page 304: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/304.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
304 / 338
![Page 305: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/305.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
one FIFO channel for each state such that ineach reachable configuration:
precisely one of the FIFO buffers is filled(indicating the current state)
305 / 338
![Page 306: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/306.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
for proper treatment of self-loops qN , g−−−→ qqN , g−−−→ qqN , g−−−→ q:
variant of standard FIFO channels thatcan send and receive token simultaneously
306 / 338
![Page 307: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/307.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
��� ���FIFO for
current state qqqFIFO for
target state q′q′q′
307 / 338
![Page 308: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/308.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
���route node choosesnondeterministicallybetween outgoingtransitions q → . . .q → . . .q → . . .
308 / 338
![Page 309: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/309.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
���merging incomingtransitions to q′q′q′
309 / 338
![Page 310: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/310.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
constraint checkerNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
merge outputsat portsA ∈ N ∩NoutA ∈ N ∩NoutA ∈ N ∩ Nout
310 / 338
![Page 311: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/311.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
constraint checkerNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
merge outputsat portsA ∈ N ∩NoutA ∈ N ∩NoutA ∈ N ∩ Nout
route inputsat portsB ∈ N ∩ NinB ∈ N ∩NinB ∈ N ∩Nin
311 / 338
![Page 312: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/312.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
constraint checkerNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
route inputsat portsB ∈ N ∩ NinB ∈ N ∩NinB ∈ N ∩Nin
subconnector:checks the
I/O-constraintN , gN , gN , g
312 / 338
![Page 313: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/313.jpg)
representation of transition qN , g−−−→ q′qN , g−−−→ q′qN , g−−−→ q′ in the network
state qqqNNN,ggg
constraint checkerNNN,ggg
. . .state q′q′q′
transition
A ∈ NoutA ∈ NoutA ∈ Nout B ∈ NinB ∈ NinB ∈ Nin
313 / 338
![Page 314: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/314.jpg)
Vereofy 960
modeling and verification toolset for CA & Reo
314 / 338
![Page 315: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/315.jpg)
Vereofy 960
specificationSPECconstraint
automaton
symbolic BDD-basedmodel checking engine
315 / 338
![Page 316: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/316.jpg)
Vereofy 960
specificationSPECconstraint
automaton
symbolic BDD-basedmodel checking engine
CARMLCARML
relies on a hybrid modeling approach
CARML guarded command language for specifying CA(component interfaces)
316 / 338
![Page 317: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/317.jpg)
Vereofy 960
specificationSPECconstraint
automaton
symbolic BDD-basedmodel checking engine
CARML RSLRSL
relies on a hybrid modeling approach
CARML guarded command language for specifying CARSL Reo scripting language
317 / 338
![Page 318: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/318.jpg)
Vereofy 960
specificationSPECconstraint
automaton
symbolic BDD-basedmodel checking engine
CARML librarylibrary RSL
relies on a hybrid modeling approach
CARML guarded command language for specifying CARSL Reo scripting language
318 / 338
![Page 319: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/319.jpg)
Vereofy 960
ASL or LTLIO
formulaconstraintautomaton
symbolic BDD-basedmodel checking engine
CARML library RSL
model checking engine:
• temporal logics ASL and (fragment of) LTLIO
319 / 338
![Page 320: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/320.jpg)
Vereofy 960
CA forchecking
bisimulationconstraintautomaton
symbolic BDD-basedmodel checking engine
CARML library RSL
model checking engine:
• temporal logics ASL and (fragment of) LTLIO
• bisimulation checking320 / 338
![Page 321: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/321.jpg)
Vereofy 960
CA forchecking
bisimulationconstraintautomaton
symbolic BDD-basedmodel checking engine
CARML library RSL
integrated in the Extensible Coordination Tools GUIgraphical Reo network editor, RSL import/export,
counterexample/witness animations,. . .
321 / 338
![Page 322: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/322.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
322 / 338
![Page 323: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/323.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
CIRCUIT FIFO<k> {for (i=0;i<k;i=i+1) {f[i] = new FIFO1;
if (i>1) {join(f[i-1].sink, f[i].source); }
}source = f[0].source;
sink = f[k-1].sink;
}
323 / 338
![Page 324: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/324.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
CIRCUIT FIFO<k> { ←−←−←− parametrization
for (i=0;i<k;i=i+1) {f[i] = new FIFO1;
if (i>1) {join(f[i-1].sink, f[i].source); }
}source = f[0].source;
sink = f[k-1].sink;
}
324 / 338
![Page 325: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/325.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
CIRCUIT FIFO<k> { ←−←−←− parametrization
for (i=0;i<k;i=i+1) {f[i] = new FIFO1; ←−←−←− instantiationif (i>1) {join(f[i-1].sink, f[i].source); }
}source = f[0].source;
sink = f[k-1].sink;
}
325 / 338
![Page 326: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/326.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
CIRCUIT FIFO<k> { ←−←−←− parametrization
for (i=0;i<k;i=i+1) {f[i] = new FIFO1; ←−←−←− instantiationif (i>1) {join(f[i-1].sink, f[i].source); }
}source = f[0].source;
sink = f[k-1].sink;
}
combinesink end of FIFO i−1i−1i−1
with source end of FIFO iiiin a node
326 / 338
![Page 327: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/327.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
CIRCUIT FIFO<k> { ←−←−←− parametrization
for (i=0;i<k;i=i+1) {f[i] = new FIFO1; ←−←−←− instantiationif (i>1) {join(f[i-1].sink, f[i].source); }
}source = f[0].source;
sink = f[k-1].sink;
}
combinesink end of FIFO i−1i−1i−1
with source end of FIFO iiiin a node
327 / 338
![Page 328: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/328.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
CIRCUIT FIFO<k> { ←−←−←− parametrization
for (i=0;i<k;i=i+1) {f[i] = new FIFO1; ←−←−←− instantiationif (i>1) {join(f[i-1].sink, f[i].source); }
}source = f[0].source;
sink = f[k-1].sink;←−←−←− interface declaration
}
328 / 338
![Page 329: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/329.jpg)
Example: RSL script for FIFO with kkk buffer cells 970
CIRCUIT FIFO<k> { ←−←−←− parametrization
for (i=0;i<k;i=i+1) {f[i] = new FIFO1; ←−←−←− instantiationif (i>1) {join(f[i-1].sink, f[i].source); }
}source = f[0].source;
sink = f[k-1].sink;←−←−←− interface declaration
}
329 / 338
![Page 330: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/330.jpg)
Conclusions 1000
330 / 338
![Page 331: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/331.jpg)
Conclusions 1000
constraint automata ... uniform operational model for
• component interfaces C1, . . . ,CnC1, . . . ,CnC1, . . . ,Cn
• glue code RRR• composite system C1‖. . .‖Cn‖RC1‖. . .‖Cn‖RC1‖. . .‖Cn‖R
331 / 338
![Page 332: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/332.jpg)
Conclusions 1000
constraint automata ... uniform operational model for
• component interfaces C1, . . . ,CnC1, . . . ,CnC1, . . . ,Cn
• glue code RRR ←−←−←− Reo network• composite system C1‖. . .‖Cn‖RC1‖. . .‖Cn‖RC1‖. . .‖Cn‖R
Reo ... elegant, declaractive way to specify connectors
• compositional CA-semantics• well suited for hierarchical design• very expressive
332 / 338
![Page 333: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/333.jpg)
Conclusions 1000
constraint automata ... uniform operational model for
• component interfaces C1, . . . ,CnC1, . . . ,CnC1, . . . ,Cn
• glue code RRR ←−←−←− Reo network• composite system C1‖. . .‖Cn‖RC1‖. . .‖Cn‖RC1‖. . .‖Cn‖R
Reo ... elegant, declaractive way to specify connectors
• compositional CA-semantics• well suited for hierarchical design• very expressive
embeddings of various other formalisms into Reo
Petri netsUML sequence diagrams
CCS-like process calculiname-passing calculi
333 / 338
![Page 334: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/334.jpg)
Conclusions 1000
constraint automata ... uniform operational model for
• component interfaces C1, . . . ,CnC1, . . . ,CnC1, . . . ,Cn
• glue code RRR ←−←−←− Reo network• composite system C1‖. . .‖Cn‖RC1‖. . .‖Cn‖RC1‖. . .‖Cn‖R
Reo ... elegant, declaractive way to specify connectors
• compositional CA-semantics• well suited for hierarchical design• very expressive
various applications, e.g.,
coordination protocolsweb-serviceselectronic auction protocol
biological systemssensor networks
...
...
...334 / 338
![Page 335: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/335.jpg)
Conclusions 1000
constraint automata ... uniform operational model for
• component interfaces C1, . . . ,CnC1, . . . ,CnC1, . . . ,Cn
• glue code RRR ←−←−←− Reo network• composite system C1‖. . .‖Cn‖RC1‖. . .‖Cn‖RC1‖. . .‖Cn‖R
Reo ... elegant, declaractive way to specify connectors
• compositional CA-semantics• well suited for hierarchical design• very expressive
just mild adaptions of known verification techniques
• temporal logics: linear- and branching-time• bisimulation equivalence checking• synthesis, compatibility, alternating-time logics
335 / 338
![Page 336: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/336.jpg)
Current developments, future work 1001
• quantitative analysis, QoS
∗∗∗ probabilistic extensions of CA∗∗∗ timed CA∗∗∗ CA with other cost functions
336 / 338
![Page 337: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/337.jpg)
Current developments, future work 1001
• quantitative analysis, QoS
∗∗∗ probabilistic extensions of CA∗∗∗ timed CA∗∗∗ CA with other cost functions
• variants of CA to model context-sensitive behaviorsand dynamic reconfigurations
337 / 338
![Page 338: Modeling and Verification of Components and Connectors · joint work with Tobias Blechmann Joachim Klein Sascha Kl¨uppelholz 1/338. Components and connectors 010 connector C2 C1](https://reader034.vdocuments.us/reader034/viewer/2022042317/5f0604827e708231d415e126/html5/thumbnails/338.jpg)
Current developments, future work 1001
• quantitative analysis, QoS
∗∗∗ probabilistic extensions of CA∗∗∗ timed CA∗∗∗ CA with other cost functions
• variants of CA to model context-sensitive behaviorsand dynamic reconfigurations
• better algorithms for compatibility andcompositional connector synthesis
• extensions of ASL and LTLIO (towards ASL∗∗∗)
• partial-information game semantics for CA,proper game logic
338 / 338