-
A Formal Framework for Distributed Cyber-Physical Systems
Authors:
Benjamin Lion,
Farhad Arbab,
Carolyn Talcott
Abstract:
Composition is an important feature of a specification language, as it enables the design of a complex system in terms of a product of its parts. Decomposition is equally important in order to reason about structural properties of a system. Usually, however, a system can be decomposed in more than one way, each optimizing for a different set of criteria. We extend an algebraic component-based model for cyber-physical systems to reason about decomposition. In this model, components compose using a family of algebraic products, and decompose, under some conditions, given a corresponding family of division operators. We use division to specify invariants of a system of components, and to model desirable updates. We apply our framework to design a cyber-physical system consisting of robots moving on a shared field, and identify desirable updates using our division operator.
Submitted 3 July, 2022;
originally announced July 2022.
-
A Rewriting Framework for Interacting Cyber-Physical Agents
Authors:
Benjamin Lion,
Farhad Arbab,
Carolyn Talcott
Abstract:
The analysis of cyber-physical systems (CPS) is challenging due to the large state space and the continuous changes occurring in their constituent parts. Design practices favor modularity to help reduce this complexity. In a previous work, we proposed a discrete semantic model for CPS that captures both cyber and physical aspects as streams of discrete observations, which ultimately form the behavior of a component. This semantic model is denotational and compositional, where each composition operator algebraically models an interaction between a pair of components. In this paper, we propose a specification of components as rewrite systems. The specification is operational and executable, and we study conditions for its semantics as components to be compositional. We demonstrate our framework by modeling a coordination of robots moving on a shared field. We show that our system of robots can be coordinated by a protocol in order to exhibit a desired emerging behavior. We use an implementation of our framework in Maude to give practical results.
Submitted 2 August, 2022; v1 submitted 8 June, 2022;
originally announced June 2022.
-
Runtime Composition Of Systems of Interacting Cyber-Physical Components
Authors:
Benjamin Lion,
Farhad Arbab,
Carolyn Talcott
Abstract:
We introduce a transition system based specification of cyber-physical systems whose semantics is compositional with respect to a family of algebraic products. We give sufficient conditions for execution of a product to be correctly implemented by a lazy expansion of the product construction. The transition system algebra is implemented in the Maude rewriting logic system, and we report a simple case study illustrating compositional specification.
Submitted 25 May, 2022;
originally announced May 2022.
-
A Semantic Model for Interacting Cyber-Physical Systems
Authors:
Benjamin Lion,
Farhad Arbab,
Carolyn Talcott
Abstract:
We propose a component-based semantic model for Cyber-Physical Systems (CPSs) wherein the notion of a component abstracts the internal details of both cyber and physical processes, to expose a uniform semantic model of their externally observable behaviors expressed as sets of sequences of observations. We introduce algebraic operations on such sequences to model different kinds of component composition. These composition operators yield the externally observable behavior of their resulting composite components through specifications of interactions of the behaviors of their constituent components, as they, e.g., synchronize with or mutually exclude each other's alternative behaviors. Our framework is expressive enough to allow articulation of properties that coordinate desired interactions among composed components within the framework, also as component behavior. We demonstrate the usefulness of our formalism through examples of coordination properties in a CPS consisting of two robots interacting through shared physical resources.
Submitted 1 October, 2021;
originally announced October 2021.
-
Treo: Textual Syntax for Reo Connectors
Authors:
Kasper Dokter,
Farhad Arbab
Abstract:
Reo is an interaction-centric model of concurrency for compositional specification of communication and coordination protocols. Formal verification tools exist to ensure correctness and compliance of protocols specified in Reo, which can readily be (re)used in different applications, or composed into more complex protocols. Recent benchmarks show that compiling such high-level Reo specifications produces executable code that can compete with or even beat the performance of hand-crafted programs written in languages such as C or Java using conventional concurrency constructs.
The original declarative graphical syntax of Reo does not support intuitive constructs for parameter passing, iteration, recursion, or conditional specification. This shortcoming hinders Reo's uptake in large-scale practical applications. Although a number of Reo-inspired syntax alternatives have appeared in the past, none of them follows the primary design principles of Reo: a) declarative specification; b) all channel types and their sorts are user-defined; and c) channels compose via shared nodes. In this paper, we offer a textual syntax for Reo that respects these principles and supports flexible parameter passing, iteration, recursion, and conditional specification. In on-going work, we use this textual syntax to compile Reo into target languages such as Java, Promela, and Maude.
Submitted 26 June, 2018;
originally announced June 2018.
-
Connectors meet Choreographies
Authors:
Farhad Arbab,
Luís Cruz-Filipe,
Sung-Shik Jongmans,
Fabrizio Montesi
Abstract:
We present Cho-Reo-graphies (CR), a new language model that unites two powerful programming paradigms for concurrent software based on communicating processes: Choreographic Programming and Exogenous Coordination. In CR, programmers specify the desired communications among processes using a choreography, and define how communications should be concretely animated by connectors given as constraint automata (e.g., synchronous barriers and asynchronous multi-casts). CR is the first choreography calculus where different communication semantics (determined by connectors) can be freely mixed; since connectors are user-defined, CR also supports many communication semantics that were previously unavailable for choreographies. We develop a static analysis that guarantees that a choreography in CR and its user-defined connectors are compatible, define a compiler from choreographies to a process calculus based on connectors, and prove that compatibility guarantees deadlock-freedom of the compiled process implementations.
Submitted 24 April, 2018;
originally announced April 2018.
-
A Component-oriented Framework for Autonomous Agents
Authors:
Tobias Kappé,
Farhad Arbab,
Carolyn Talcott
Abstract:
The design of a complex system warrants a compositional methodology, i.e., composing simple components to obtain a larger system that exhibits their collective behavior in a meaningful way. We propose an automaton-based paradigm for compositional design of such systems where an action is accompanied by one or more preferences. At run-time, these preferences provide a natural fallback mechanism for the component, while at design-time they can be used to reason about the behavior of the component in an uncertain physical world. Using structures that tell us how to compose preferences and actions, we can compose formal representations of individual components or agents to obtain a representation of the composed system. We extend Linear Temporal Logic with two unary connectives that reflect the compositional structure of the actions, and show how it can be used to diagnose undesired behavior by tracing the falsification of a specification back to one or more culpable components.
Submitted 31 July, 2017;
originally announced August 2017.
-
A Compositional Framework for Preference-Aware Agents
Authors:
Tobias Kappé,
Farhad Arbab,
Carolyn Talcott
Abstract:
A formal description of a Cyber-Physical system should include a rigorous specification of the computational and physical components involved, as well as their interaction. Such a description, thus, lends itself to a compositional model where every module in the model specifies the behavior of a (computational or physical) component or the interaction between different components. We propose a framework based on Soft Constraint Automata that facilitates the component-wise description of such systems and includes the tools necessary to compose subsystems in a meaningful way, to yield a description of the entire system. Most importantly, Soft Constraint Automata allow the description and composition of components' preferences as well as environmental constraints in a uniform fashion. We illustrate the utility of our framework using a detailed description of a patrolling robot, while highlighting methods of composition as well as possible techniques to employ them.
Submitted 15 December, 2016;
originally announced December 2016.
-
Data optimizations for constraint automata
Authors:
Sung-Shik T. Q. Jongmans,
Farhad Arbab
Abstract:
Constraint automata (CA) constitute a coordination model based on finite automata on infinite words. Originally introduced for modeling of coordinators, an interesting new application of CAs is implementing coordinators (i.e., compiling CAs into executable code). Such an approach guarantees correctness-by-construction and can even yield code that outperforms hand-crafted code. The extent to which these two potential advantages materialize depends on the smartness of CA-compilers and the existence of proofs of their correctness.
Every transition in a CA is labeled by a "data constraint" that specifies an atomic data-flow between coordinated processes as a first-order formula. At run-time, compiler-generated code must handle data constraints as efficiently as possible. In this paper, we present, and prove the correctness of, two optimization techniques for CA-compilers related to handling of data constraints: a reduction to eliminate redundant variables and a translation from (declarative) data constraints to (imperative) data commands expressed in a small sequential language. Through experiments, we show that these optimization techniques can have a positive impact on performance of generated executable code.
Submitted 21 September, 2016; v1 submitted 16 August, 2016;
originally announced August 2016.
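Two abstracts on this page lean on the same construction: the transition-system algebra of "Runtime Composition Of Systems of Interacting Cyber-Physical Components" (above), whose product is executed by lazy expansion, and the constraint automata of "Data optimizations for constraint automata", whose transitions carry data constraints that generated code must evaluate. The following is an added example, written for this page and not code from either paper or from the Reo tool set. It implements the standard constraint-automata product (joint firing when both transitions agree on the shared ports, independent firing when a transition touches no port of the other automaton) and expands it lazily from the initial state pair, so only reachable state tuples are built. The finite data domain {0, 1}, the port names A to D, the one-place buffer and the filter channel are assumptions constructed for the example; the finite domain is what lets the product drop transitions whose conjoined data constraint is unsatisfiable.

```python
"""Constraint automata (CA) with a lazy, reachable-states-only product.
Added example; not code from any paper listed on this page. Data constraints are
evaluated over a small finite data domain (an assumption made here), which lets
the product detect and drop transitions whose guard is unsatisfiable."""
from dataclasses import dataclass
from itertools import product as cartesian
from typing import Callable, Dict, FrozenSet, Hashable, List, Tuple

Data = Dict[str, int]            # data observed on the ports that fire together
Guard = Callable[[Data], bool]   # data constraint evaluated on such a record
DOMAIN = (0, 1)                  # finite data domain (example assumption)


@dataclass(frozen=True)
class Transition:
    src: Hashable
    ports: FrozenSet[str]        # synchronisation set N: exactly these ports fire
    guard: Guard                 # data constraint g over the ports in N
    dst: Hashable


@dataclass
class CA:
    names: FrozenSet[str]        # all port names of the automaton
    initial: Hashable
    transitions: Tuple[Transition, ...]

    def outgoing(self, q: Hashable) -> List[Transition]:
        return [t for t in self.transitions if t.src == q]

    def states(self) -> set:
        return {self.initial} | {t.src for t in self.transitions} | {t.dst for t in self.transitions}


def satisfiable(ports: FrozenSet[str], guard: Guard) -> bool:
    """Brute force: does any assignment of DOMAIN values to the ports satisfy g?"""
    names = sorted(ports)
    return any(guard(dict(zip(names, vs))) for vs in cartesian(DOMAIN, repeat=len(names)))


def lazy_product(a: CA, b: CA) -> CA:
    """Standard CA product. Two transitions fire jointly when they agree on the shared
    ports (N1 & names2 == N2 & names1); a transition touching no port of the other
    automaton may fire alone. State pairs are created only when reached through a
    satisfiable transition, instead of building the full Cartesian product up front."""
    start = (a.initial, b.initial)
    seen, work, trans = {start}, [start], []

    def emit(src, ports, guard, dst):
        if not satisfiable(ports, guard):
            return                                   # dead transition: drop it
        trans.append(Transition(src, ports, guard, dst))
        if dst not in seen:
            seen.add(dst)
            work.append(dst)

    while work:
        qa, qb = q = work.pop()
        for ta in a.outgoing(qa):
            if not ta.ports & b.names:               # a moves alone
                emit(q, ta.ports, ta.guard, (ta.dst, qb))
            for tb in b.outgoing(qb):
                if ta.ports & b.names == tb.ports & a.names:
                    both = lambda d, g=ta.guard, h=tb.guard: g(d) and h(d)
                    emit(q, ta.ports | tb.ports, both, (ta.dst, tb.dst))
        for tb in b.outgoing(qb):
            if not tb.ports & a.names:               # b moves alone
                emit(q, tb.ports, tb.guard, (qa, tb.dst))
    return CA(a.names | b.names, start, tuple(trans))


def fifo1(i: str, o: str) -> CA:
    """One-place buffer: takes a value on i when empty, hands it out on o when full."""
    trans = []
    for v in DOMAIN:
        trans.append(Transition("empty", frozenset({i}), lambda d, i=i, v=v: d[i] == v, f"full{v}"))
        trans.append(Transition(f"full{v}", frozenset({o}), lambda d, o=o, v=v: d[o] == v, "empty"))
    return CA(frozenset({i, o}), "empty", tuple(trans))


def filter0(i: str, o: str) -> CA:
    """Filter channel: passes the value 0 from i to o and loses every other value."""
    return CA(frozenset({i, o}), "s", (
        Transition("s", frozenset({i}), lambda d: d[i] != 0, "s"),
        Transition("s", frozenset({i, o}), lambda d: d[i] == 0 and d[o] == d[i], "s"),
    ))


def build_pipeline() -> CA:
    """filter0(A,B), fifo1(B,C) and fifo1(C,D), joined at the shared nodes B and C."""
    return lazy_product(lazy_product(filter0("A", "B"), fifo1("B", "C")), fifo1("C", "D"))


def run(ca: CA, trace: List[Data]) -> Hashable:
    """Replay observations; return the final state, or None once a step is not enabled."""
    q = ca.initial
    for d in trace:
        enabled = [t for t in ca.outgoing(q) if t.ports == frozenset(d) and t.guard(d)]
        if not enabled:
            return None
        q = enabled[0].dst       # the example automata are deterministic per observation
    return q


if __name__ == "__main__":
    system = build_pipeline()
    print(f"{len(system.states())} reachable states (the Cartesian product would have 9)")
    print(run(system, [{"A": 1}, {"A": 0, "B": 0}, {"C": 0}, {"A": 0, "B": 0}, {"D": 0}]))
```

Because the filter only ever admits 0, the buffers can never hold 1: of the nine state tuples in the Cartesian product of the three automata, the lazy expansion materialises four, and the transitions that would have led to the others are dropped as unsatisfiable when the data constraints are conjoined. The replay function is the run-time side of the second abstract's concern: every step evaluates a data constraint on the observed record, and a real compiler would replace these Python closures with the imperative data commands the paper describes.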
-
Relating BIP and Reo
Authors:
Kasper Dokter,
Sung-Shik Jongmans,
Farhad Arbab,
Simon Bliudze
Abstract:
Coordination languages simplify design and development of concurrent systems. Particularly, exogenous coordination languages, like BIP and Reo, enable system designers to express the interactions among components in a system explicitly. In this paper we establish a formal relation between BI(P) (i.e., BIP without the priority layer) and Reo, by defining transformations between their semantic models. We show that these transformations preserve all properties expressible in a common semantics. This formal relation comprises the basis for a solid comparison and consolidation of the fundamental coordination concepts behind these two languages. Moreover, this basis offers translations that enable users of either language to benefit from the toolchains of the other.
Submitted 19 August, 2015;
originally announced August 2015.
-
Toward Sequentializing Overparallelized Protocol Code
Authors:
Sung-Shik T. Q. Jongmans,
Farhad Arbab
Abstract:
In our ongoing work, we use constraint automata to compile protocol specifications expressed as Reo connectors into efficient executable code, e.g., in C. We have by now studied this automata based compilation approach rather well, and have devised effective solutions to some of its problems. Because our approach is based on constraint automata, the approach, its problems, and our solutions are in fact useful and relevant well beyond the specific case of compiling Reo. In this short paper, we identify and analyze two such rather unexpected problems.
Submitted 27 October, 2014;
originally announced October 2014.
-
Modularizing and Specifying Protocols among Threads
Authors:
Sung-Shik T. Q. Jongmans,
Farhad Arbab
Abstract:
We identify three problems with current techniques for implementing protocols among threads, which complicate and impair the scalability of multicore software development: implementing synchronization, implementing coordination, and modularizing protocols. To mend these deficiencies, we argue for the use of domain-specific languages (DSL) based on existing models of concurrency. To demonstrate the feasibility of this proposal, we explain how to use the model of concurrency Reo as a high-level protocol DSL, which offers appropriate abstractions and a natural separation of protocols and computations. We describe a Reo-to-Java compiler and illustrate its use through examples.
Submitted 26 February, 2013;
originally announced February 2013.
-
Input-output Conformance Testing for Channel-based Service Connectors
Authors:
Natallia Kokash,
Farhad Arbab,
Behnaz Changizi,
Leonid Makhnist
Abstract:
Service-based systems are software systems composed of autonomous components or services provided by different vendors, deployed on remote machines and accessible through the web. One of the challenges of modern software engineering is to ensure that such a system behaves as intended by its designer. The Reo coordination language is an extensible notation for formal modeling and execution of service compositions. Services that have no prior knowledge about each other communicate through advanced channel connectors which guarantee that each participant, service or client, receives the right data at the right time. Each channel is a binary relation that imposes synchronization and data constraints on input and output messages. Furthermore, channels are composed together to realize arbitrarily complex behavioral protocols. During this process, a designer may introduce errors into the connector model or the code for their execution, and thus affect the behavior of a composed service. In this paper, we present an approach for model-based testing of coordination protocols designed in Reo. Our approach is based on the input-output conformance (ioco) testing theory and exploits the mapping of automata-based semantic models for Reo to equivalent process algebra specifications.
Submitted 9 August, 2011;
originally announced August 2011.
-
Correlating Formal Semantic Models of Reo Connectors: Connector Coloring and Constraint Automata
Authors:
Sung-Shik T. Q. Jongmans,
Farhad Arbab
Abstract:
Over the past decades, coordination languages have emerged for the specification and implementation of interaction protocols for communicating software components. This class of languages includes Reo, a platform for compositional construction of connectors. In recent years, various formalisms for describing the behavior of Reo connectors have come to existence, each of them serving its own purpose. Naturally, questions about how these models relate to each other arise. From a theoretical point of view, answers to these questions provide us with better insight into the fundamentals of Reo, while from a more practical perspective, these answers broaden the applicability of Reo's development tools. In this paper, we address one of these questions: we investigate the equivalence between coloring models and constraint automata, the two most dominant and practically relevant semantic models of Reo. More specifically, we define operators that transform one model to the other (and vice versa), prove their correctness, and show that they distribute over composition. To ensure that the transformation operators map one-to-one (instead of many-to-one), we extend coloring models with data constraints. Though primarily a theoretical contribution, we sketch some potential applications of our results: the broadening of the applicability of existing tools for connector verification and animation.
Submitted 1 August, 2011;
originally announced August 2011.
-
Decoupled execution of synchronous coordination models via behavioural automata
Authors:
José Proença,
Dave Clarke,
Erik de Vink,
Farhad Arbab
Abstract:
Synchronous coordination systems allow the exchange of data by logically indivisible actions involving all coordinated entities. This paper introduces behavioural automata, a logically synchronous coordination model based on the Reo coordination language, which focuses on relevant aspects for the concurrent evolution of these systems. We show how our automata model encodes the Reo and Linda coordination models and how it introduces an explicit predicate that captures the concurrent evolution, distinguishing local from global actions, and lifting the need of most synchronous models to involve all entities at each coordination step, paving the way to more scalable implementations.
Submitted 31 July, 2011;
originally announced August 2011.
-
A Compositional Semantics for Stochastic Reo Connectors
Authors:
Young-Joo Moon,
Alexandra Silva,
Christian Krause,
Farhad Arbab
Abstract:
In this paper we present a compositional semantics for the channel-based coordination language Reo which enables the analysis of quality of service (QoS) properties of service compositions. For this purpose, we annotate Reo channels with stochastic delay rates and explicitly model data-arrival rates at the boundary of a connector, to capture its interaction with the services that comprise its environment. We propose Stochastic Reo automata as an extension of Reo automata, in order to compositionally derive a QoS-aware semantics for Reo. We further present a translation of Stochastic Reo automata to Continuous-Time Markov Chains (CTMCs). This translation enables us to use third-party CTMC verification tools to do an end-to-end performance analysis of service compositions.
Submitted 28 July, 2010;
originally announced July 2010.
-
A Distributed Platform for Mechanism Design
Authors:
Krzysztof R. Apt,
Farhad Arbab,
Huiye Ma
Abstract:
We describe a structured system for distributed mechanism design. It consists of a sequence of layers. The lower layers deal with the operations relevant for distributed computing only, while the upper layers are concerned only with communication among players, including broadcasting and multicasting, and distributed decision making. This yields a highly flexible distributed system whose specific applications are realized as instances of its top layer.
This design supports fault-tolerance, prevents manipulations and makes it possible to implement distributed policing. The system is implemented in Java. We illustrate it by discussing a number of implemented examples.
Submitted 17 October, 2008;
originally announced October 2008.
-
A System for Distributed Mechanisms: Design, Implementation and Applications
Authors:
Krzysztof R. Apt,
Farhad Arbab,
Huiye Ma
Abstract:
We describe here a structured system for distributed mechanism design appropriate for both Intranet and Internet applications. In our approach the players dynamically form a network in which they know neither their neighbours nor the size of the network and interact to jointly take decisions. The only assumption concerning the underlying communication layer is that for each pair of processes there is a path of neighbours connecting them. This allows us to deal with arbitrary network topologies.
We also discuss the implementation of this system which consists of a sequence of layers. The lower layers deal with the operations that implement the basic primitives of distributed computing, namely low level communication and distributed termination, while the upper layers use these primitives to implement high level communication among players, including broadcasting and multicasting, and distributed decision making.
This yields a highly flexible distributed system whose specific applications are realized as instances of its top layer. This design is implemented in Java.
The system supports at various levels fault-tolerance and includes a provision for distributed policing, the purpose of which is to exclude 'dishonest' players. Also, it can be used for repeated creation of dynamically formed networks of players interested in a joint decision making implemented by means of a tax-based mechanism. We illustrate its flexibility by discussing a number of implemented examples.
Submitted 20 September, 2011; v1 submitted 16 November, 2007;
originally announced November 2007.