Book ChapterDOI

Multiple Viewpoint Contract-Based Specification and Design

TL;DR: The mathematical foundations and the design methodology of the contract-based model developed in the framework of the SPEEDS project, a design methodology in which distributed designers develop different aspects of the overall system, in a concurrent but controlled way, are presented.
Abstract: We present the mathematical foundations and the design methodology of the contract-based model developed in the framework of the SPEEDS project. SPEEDS aims at developing methods and tools to support "speculative design", a design methodology in which distributed designers develop different aspects of the overall system, in a concurrent but controlled way. Our generic mathematical model of contract supports this style of development. This is achieved by focusing on behaviors, by supporting the notion of "rich component" where diverse (functional and non-functional) aspects of the system can be considered and combined, by representing rich components via their set of associated contracts, and by formalizing the whole process of component composition.


Citations
Book
28 Mar 2018
TL;DR: This paper intends to provide treatment where contracts are precisely defined and characterized so that they can be used in design methodologies such as the ones mentioned above with no ambiguity, and provides an important link between interfaces and contracts to show similarities and correspondences.
Abstract: Recently, contract-based design has been proposed as an “orthogonal” approach that complements system design methodologies proposed so far to cope with the complexity of system design. Contract-based design provides a rigorous scaffolding for verification, analysis, abstraction/refinement, and even synthesis. A number of results have been obtained in this domain but a unified treatment of the topic that can help put contract-based design in perspective was missing. This monograph intends to provide such a treatment where contracts are precisely defined and characterized so that they can be used in design methodologies with no ambiguity. In particular, this monograph identifies the essence of complex system design using contracts through a mathematical “meta-theory”, where all the properties of the methodology are derived from a very abstract and generic notion of contract. We show that the meta-theory provides deep and illuminating links with existing contract and interface theories, as well as guidelines for designing new theories. Our study encompasses contracts for both software and systems, with emphasis on the latter. We illustrate the use of contracts with two examples: requirement engineering for a parking garage management, and the development of contracts for timing and scheduling in the context of the AUTOSAR methodology in use in the automotive sector.

238 citations


Cites background from "Multiple Viewpoint Contract-Based S..."

  • ...Chapter 5 deals with Assume/Guarantee contracts [40, 46]....

  • ...This calls for including non-functional characteristics as part of the component interface specifications, which is best achieved by using multiple viewpoints [40, 46, 42]....

BookDOI
31 Dec 2014
TL;DR: This book comprises four research roadmaps, written by the original participants of the Dagstuhl Seminar over the course of two years following the seminar, and seven research papers from experts in the area that provide insights to key features of the use of runtime models.
Abstract: Traditionally, research on model-driven engineering (MDE) has mainly focused on the use of models at the design, implementation, and verification stages of development. This work has produced relatively mature techniques and tools that are currently being used in industry and academia. However, software models also have the potential to be used at runtime, to monitor and verify particular aspects of runtime behavior, and to implement self-* capabilities (e.g., adaptation technologies used in self-healing, self-managing, self-optimizing systems). A key benefit of using models at runtime is that they can provide a richer semantic base for runtime decision-making related to runtime system concerns associated with autonomic and adaptive systems. This book is one of the outcomes of the Dagstuhl Seminar 11481 on models@run.time held in November/December 2011, discussing foundations, techniques, mechanisms, state of the art, research challenges, and applications for the use of runtime models. The book comprises four research roadmaps, written by the original participants of the Dagstuhl Seminar over the course of two years following the seminar, and seven research papers from experts in the area. The roadmap papers provide insights to key features of the use of runtime models and identify the following research challenges: the need for a reference architecture, uncertainty tackled by runtime models, mechanisms for leveraging runtime models for self-adaptive software, and the use of models at runtime to address assurance for self-adaptive systems.

163 citations

Journal ArticleDOI
TL;DR: This paper surveys the advancement of CPSS through cyber-physical systems (CPS), cyber-social systems (CSS) and CPSS, as well as related techniques, and reviews the existing system-level design methodologies in multiple application domains.

149 citations

Journal ArticleDOI
15 Sep 2015
TL;DR: A platform-based design methodology that uses contracts to specify and abstract the components of a cyber-physical system (CPS), and provide formal support to the entire CPS design flow is introduced.
Abstract: We introduce a platform-based design methodology that uses contracts to specify and abstract the components of a cyber-physical system (CPS), and provide formal support to the entire CPS design flow. The design is carried out as a sequence of refinement steps from a high-level specification to an implementation built out of a library of components at the lower level. We review formalisms and tools that can be used to specify, analyze, or synthesize the design at different levels of abstraction. For each level, we highlight how the contract operations can be concretely computed as well as the research challenges that should be faced to fully implement them. We illustrate our approach on the design of embedded controllers for aircraft electric power distribution systems.

142 citations


Cites background from "Multiple Viewpoint Contract-Based S..."

  • ...Rigorous contract theories have been developed over the years, including assume-guarantee (A/G) contracts [7] and interface theories [8]....

  • ...Then, a contract C for a component M is a triple (V, A, G), where V = U ∪ Y ∪ X is the set of component variables, and A and G are assertions, each representing a set of behaviors over V [7]....

  • ...[7], [10], to reason about requirements and their refinement during the design process....

  • ...When there is a clear distinction between input (uncontrolled) and output (controlled) variables, different notions of contract compatibility and consistency can be defined [7], [9], [18]....

Proceedings ArticleDOI
11 Nov 2013
TL;DR: OCRA (Othello Contracts Refinement Analysis) is a new tool that provides means for checking the refinement of contracts specified in a linear-time temporal logic, and allows to express discrete as well as metric real-time constraints.
Abstract: Contract-based design enriches a component model with properties structured in pairs of assumptions and guarantees. These properties are expressed in term of the variables at the interface of the components, and specify how a component interacts with its environment: the assumption is a property that must be satisfied by the environment of the component, while the guarantee is a property that the component must satisfy in response. Contract-based design has been recently proposed in many methodologies for taming the complexity of embedded systems. In fact, contract-based design enables stepwise refinement, compositional verification, and reuse of components. However, only few tools exist to support the formal verification underlying these methods. OCRA (Othello Contracts Refinement Analysis) is a new tool that provides means for checking the refinement of contracts specified in a linear-time temporal logic. The specification language allows to express discrete as well as metric real-time constraints. The underlying reasoning engine allows checking if the contract refinement is correct. OCRA has been used in different projects and integrated in CASE tools.

110 citations


Cites methods from "Multiple Viewpoint Contract-Based S..."

  • ...OCRA: A Tool for Checking the Refinement of Temporal Contracts. Alessandro Cimatti, Michele Dorigatti, Stefano Tonetta (FBK-irst, Trento, Italy; {cimatti,mdorigatti,tonettas}@fbk.eu). Abstract: Contract-based design enriches a component model with properties structured in pairs of assumptions and...

References
Book ChapterDOI
14 Jul 1980

4,755 citations

Journal ArticleDOI
TL;DR: Methodological guidelines for object-oriented software construction that improve the reliability of the resulting software systems are presented and the theory of contract design and the role of assertions in that theory are discussed.
Abstract: Methodological guidelines for object-oriented software construction that improve the reliability of the resulting software systems are presented. It is shown that the object-oriented techniques rely on the theory of design by contract, which underlies the design of the Eiffel analysis, design, and programming language and of the supporting libraries, from which a number of examples are drawn. The theory of contract design and the role of assertions in that theory are discussed.

2,201 citations


"Multiple Viewpoint Contract-Based S..." refers methods in this paper

  • ...The notion of contract has been applied for the first time by Meyer in the context of the programming language Eiffel [5]....

Journal ArticleDOI
TL;DR: So-called “guarded commands” are introduced as a building block for alternative and repetitive constructs that allow nondeterministic program components for which at least the activity evoked, but possibly even the final state, is not necessarily uniquely determined by the initial state.
Abstract: So-called “guarded commands” are introduced as a building block for alternative and repetitive constructs that allow nondeterministic program components for which at least the activity evoked, but possibly even the final state, is not necessarily uniquely determined by the initial state. For the formal derivation of programs expressed in terms of these constructs, a calculus will be shown.

2,048 citations


"Multiple Viewpoint Contract-Based S..." refers result in this paper

  • ...Similar ideas were already present in seminal work by Dijkstra [6] and Lamport [7] on weakest preconditions and predicate transformers for sequential and concurrent programs, and in more recent work by Back and von Wright, who introduce contracts [8] in the refinement calculus [9]....

Proceedings ArticleDOI
01 Sep 2001
TL;DR: This work presents a light-weight formalism that captures the temporal aspects of software component interfaces through an automata-based language that supports automatic compatibility checks between interface models, and thus constitutes a type system for component interaction.
Abstract: Conventional type systems specify interfaces in terms of values and domains. We present a light-weight formalism that captures the temporal aspects of software component interfaces. Specifically, we use an automata-based language to capture both input assumptions about the order in which the methods of a component are called, and output guarantees about the order in which the component calls external methods. The formalism supports automatic compatibility checks between interface models, and thus constitutes a type system for component interaction. Unlike traditional uses of automata, our formalism is based on an optimistic approach to composition, and on an alternating approach to design refinement. According to the optimistic approach, two components are compatible if there is some environment that can make them work together. According to the alternating approach, one interface refines another if it has weaker input assumptions, and stronger output guarantees. We show that these notions have game-theoretic foundations that lead to efficient algorithms for checking compatibility and refinement.

1,336 citations


"Multiple Viewpoint Contract-Based S..." refers background or result in this paper

  • ...This definition is consistent with similar definitions in other contexts [12,10,15]....

  • ...More recently, De Alfaro and Henzinger have proposed Interface Automata which are similar to synchronous trace structures, where failures are implicitly all the traces that are not accepted by an automaton representing the component [12]....

Journal ArticleDOI
TL;DR: In this article, a mathematical model for communicating sequential processes is given, and a number of its interesting and useful properties are stated and proved, and the possibilities of nondeterminism are fully taken into account.
Abstract: A mathematical model for communicating sequential processes is given, and a number of its interesting and useful properties are stated and proved. The possibilities of nondeterminism are fully taken into account.

1,193 citations