Abstract
Contract models have been proposed to promote and facilitate reuse and distributed development. In this paper, we cast contract models into a coherent formalism used to derive general results about the properties of their operators. We study several extensions of the basic model, including the distinction between weak and strong assumptions and maximality of the specification. We then analyze the disjunction and conjunction operators, and show how they can be broken up into a sequence of simpler operations. This leads to the definition of a new contract viewpoint merging operator, which better captures the design intent in contrast to the more traditional conjunction. The adjoint operation, which we call separation, can be used to re-partition the specification into different viewpoints. We show the symmetries of these operations with respect to composition and quotient.
Coherent Extension, Composition, and Merging Operators in Contract Models for System Design