A Boolean algebra of contracts for assume-guarantee reasoning Yann - - PowerPoint PPT Presentation

Introduction A Model for Contracts Use Case Conclusion Further work

A Boolean algebra of contracts for assume-guarantee reasoning

Yann Glouche with Jean-Pierre Talpin Paul Le Guernic Thierry Gautier

1INRIA, Resarch Unit of Rennes-Bretagne-Atlantique,

Rennes, France Team ESPRESSO

December 1, 2008

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Context

Polychyrony

1

Tool used for embedded systems design

2

Developed by the team ESPRESSO

3

Design of concurrent systems architecture exploration simulation and checking

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Context

SIGNAL hypothesies:

1

Abstraction of the real time

2

Communications and calculus are instantaneous

3

The set of tags is equipped with a partial order relation Abstract the components by their interface Abstract description of distributed architectures

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Motivations

Use a formal concept for integrating a system in Polychrony for:

1

Testing the compatibility between the implementation of a component and its interface

2

Checking the substituability between two components in a system

3

Checking the adequation between an application and its environment execution

4

Finding the errors at all steps of the system design

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Motivations

Use a formal concept for integrating a system in Polychrony for:

1

Testing the compatibility between the implementation of a component and its interface

2

Checking the substituability between two components in a system

3

Checking the adequation between an application and its environment execution

4

Finding the errors at all steps of the system design

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Motivations

Use a formal concept for integrating a system in Polychrony for:

1

Testing the compatibility between the implementation of a component and its interface

2

Checking the substituability between two components in a system

3

Checking the adequation between an application and its environment execution

4

Finding the errors at all steps of the system design

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Motivations

Use a formal concept for integrating a system in Polychrony for:

1

Testing the compatibility between the implementation of a component and its interface

2

Checking the substituability between two components in a system

3

Checking the adequation between an application and its environment execution

4

Finding the errors at all steps of the system design

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Goals

1

Use the concept of assume/guarantee for designing the SIGNAL processes

2

Extend the SIGNAL language for operating with type system based on the assume/guarantee reasoning

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Goals

1

Use the concept of assume/guarantee for designing the SIGNAL processes

2

Extend the SIGNAL language for operating with type system based on the assume/guarantee reasoning

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Behavior V be an infinite, countable set of variables, D a set of values; for Y, a finite set of variables included in V, Y nonempty, a Y-behavior is a function c :Y → D ; the set of Y-behaviors is BY. BY =∆ Y → D , B∅ =∆ ∅ (1)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Behavior restriction c|X =∆ {(x, c(x))/x ∈ X} (2)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Process For X, a finite set of variables (X ⊂V), a X-process p is a nonempty set of X-behaviors; PX is the set of X-processes; (3)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Process For X, a finite set of variables (X ⊂V), a X-process p is a nonempty set of X-behaviors; PX is the set of X-processes; Ω =∆ {∅}, ✵ =∆ ∅ (3)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Process complement For X, a finite set of variables (X ⊂V), the complement p of a process p ∈ PX is defined by: p ∈ PX = ⇒ p =∆ (BX \ p) = {b ∈ BX/b ∈ p} (4)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Example Let p a process (with var(p) = {x, y}, and x, y ∈ N), defined by the set of behaviors such that x > 0 ∧ y is odd then p is the set of behaviors such that x ≤ 0 ∨ y is even.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Process restriction and extension When X, Y are finite sets of variables such that X ⊆ Y ⊂V, Y nonempty, q|X =∆ {c|X/c ∈ q} (5) p|Y =∆ {c ∈ BY/c|X ∈ p} (6)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Example Let p a process (with var(p) = {x, y, z}, and x, y, z ∈ N), defines by the set of behaviors such that x > 0 ∧ y is odd ∧ z < 2 then p|{x, y} is the set of behaviors such that x > 0 ∧ y is odd. Example Let p a process (with var(p) = {x, y}, and x, y, z ∈ N), defines by the set of behaviors such that x > 0 ∧ y is odd then p|{x, y, z} is the set of behaviors such that x > 0 ∧ y is odd ∧ z ∈ N.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Strict processes extension For X, Y nonempty, finite sets of variables such that X ⊆ Y ⊂V and p ∈ PX, pq states that q is a full extension of p to Y: a variable in Y \ X may hold any legal value ; thus (pq) ⇐ ⇒ ((var(p) ⊆ var(q)) ∧ (p|var(q) = q)) (7) Corollary. (P,) is a poset.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Strict processes extension For X, Y nonempty, finite sets of variables such that X ⊆ Y ⊂V and p ∈ PX, pq states that q is a full extension of p to Y: a variable in Y \ X may hold any legal value ; thus (pq) ⇐ ⇒ ((var(p) ⊆ var(q)) ∧ (p|var(q) = q)) (7) Corollary. (P,) is a poset.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

The upper set of a process is the set of processes that contain its behaviors. [↑ p] =∆ {q ∈ P/pq} (8)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Variable control ✄ A process q controls a variable y, denoted by (q ✄ y) iff ((y ∈ var(q)) ∧ q ((q|(var(q)\{y}))|var(q))) (9)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Reduced process A process p is reduced iff it controls all of its variables: p is reduced ⇐ ⇒ p ✄ var(p) (10) We denote by

▽

q, called reduction of q, the (minimal) process such that

▽

qq

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Processes

Definition: Reduced process A process p is reduced iff it controls all of its variables: p is reduced ⇐ ⇒ p ✄ var(p) (10) We denote by

▽

q, called reduction of q, the (minimal) process such that

▽

qq

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process

We define the inclusion lower set of a process to capture all the subsets of its behaviors. Let P⋆ =∆ P ∪ {✵}, R ⊆ P⋆, [R↓⊆] is the lower set of R for ⊆: [R↓⊆] =∆ {p ∈ P⋆/( ∃ q ∈ R)(p ⊆ q)} (11)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Definition: Process-filter Formally a set of processes R is a process-filter iff ( ∃ r ∈ P⋆) (((r =

▽

r) ∧ (R = [[↑ r] ↓⊆] ))). the process r is a generator of R and that R is generated by r.

▽

R denotes the generator of R. Φ is the set of process-filters.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Example Let r a process (with var(r) = {x, y, z}, and x, y, z ∈ N), defines by the set of behaviors such that x > 10 ∧ y is odd ∧ z ∈ N (z is a free variable). Then process-filter [[↑

▽

r] ↓⊆] defines the set of processes which satisfy x > 10 ∧ y is odd. Let s a process (with var(s) = {x, y, u}, and x, y, u ∈ N), defines by the set of behaviors such that x > 10 ∧ y is odd ∧ u > 100. Then u ∈ [[↑

▽

r] ↓⊆].

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

The filtered variable set of R is var(R) defined by: var(R) =∆ var(

▽

R) (12)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Definition: Process-filter relaxation For R and S, two process-filters, the relation R is less wide than S , written R ⊑ S is defined by: Z = var(R) ∪ var(S) = ⇒ (R ⊑ S ⇐ ⇒

▽

R

|Z

⊆

▽

S

|Z

) (13)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Definition: Process-filter relaxation For R and S, two process-filters, the relation R is less wide than S , written R ⊑ S is defined by: Z = var(R) ∪ var(S) = ⇒ (R ⊑ S ⇐ ⇒

▽

R

|Z

⊆

▽

S

|Z

) (13) Example Let x, y, z ∈ N three variables. The process-filter R defines the set of processes which satisfy x > 10 ∧ y is odd ∧ z is even, The process-filter S defines the set of processes which satisfy x > 0 ∧ y is odd, then we have R ⊑ S.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Corollary (Φ,⊑) is a poset.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Lemma (Φ,⊑) is a lattice with P⋆ as supremum and {✵} as infimum; the greatest lower bound (or conjunction) R ⊓ S:

R ⊓ S =∆ [[↑

▽

p] ↓⊆] (14)

where p = (

▽

R

|V

∩

▽

S

|V

), V = var(R) ∪ var(S)

the greatest upper bound (or disjunction) R ⊔ S: R ⊔ S =∆ [[↑

▽

p] ↓⊆] (15)

where p = (

▽

R

|V

∪

▽

S

|V

), V = var(R) ∪ var(S)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Let x, y, z ∈ N three variables. Example The process-filter R defines the set of processes which satisfy x > 10 ∧ y is odd ∧ z is even, The process-filter S defines the set of processes which satisfy x > 10 ∧ y is even ∧ z is odd, then R ⊔ S satisfies x > 10 (y, z are free variables)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Let x, y, z ∈ N three variables. Example The process-filter R defines the set of processes which satisfy x > 10 ∧ y is odd ∧ z is even, The process-filter S defines the set of processes which satisfy x > 10 ∧ y is even ∧ z is odd, then R ⊔ S satisfies x > 10 (y, z are free variables) Example The process-filter R defines the set of processes which satisfy (x > 10 ∧ y ∈ N ∧ z is even) ∨ (x = 3 ∧ y = 1 ∧ z = 1), The process-filter S defines the set of processes which satisfy x > 10 ∧ y ∈ N, then R ⊓ S satisfies x > 10 ∧ z is even (y is a free variable)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Definition: Process-filter complement The complement R of a process-filter R is defined by: ( R =∆ [[↑

• ▽

R] ↓⊆]) (16) var(R) = var( R) Theorem: Process-filter Boolean algebra (Φ,⊑) is a Boolean algebra with P⋆ as 1, {✵} as 0 and the complement R.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Process-filter

Definition: Process-filter complement The complement R of a process-filter R is defined by: ( R =∆ [[↑

• ▽

R] ↓⊆]) (16) var(R) = var( R) Theorem: Process-filter Boolean algebra (Φ,⊑) is a Boolean algebra with P⋆ as 1, {✵} as 0 and the complement R.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Definition: Contract A contract C = (A,G) is a pair of process-filters. var(C), the variable set of C = (A,G), is defined by var(C) = var(A) ∪ var(G). C = Φ×Φ is the set of contracts.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Defintion: Satisfaction Let C = (A,G) a contract, p a process: p C ⇐ ⇒ ( [p] ⊓ A) ⊑ G where [p] denote [[↑

▽

p] ↓⊆] .

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Definition: Satisfaction preorder A contract (A1,G1) is finer than a contract (A2,G2), written (A1,G1) ❀(A2,G2), iff all processes that satisfy the contract (A1,G1) also satisfy the contract (A2,G2):

(A1, G1)❀(A2, G2) ⇐ ⇒ ( ∀ p ∈ P)((p (A1, G1)) = ⇒ (p (A2, G2))) (17)

The relation finer on contracts satisfies the following property: (A1, G1)❀(A2, G2) ⇐ ⇒ ( A1 ⊔ G1) ⊑ ( A2 ⊔ G2) (18)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Definition: Satisfaction preorder A contract (A1,G1) is finer than a contract (A2,G2), written (A1,G1) ❀(A2,G2), iff all processes that satisfy the contract (A1,G1) also satisfy the contract (A2,G2):

(A1, G1)❀(A2, G2) ⇐ ⇒ ( ∀ p ∈ P)((p (A1, G1)) = ⇒ (p (A2, G2))) (17)

The relation finer on contracts satisfies the following property: (A1, G1)❀(A2, G2) ⇐ ⇒ ( A1 ⊔ G1) ⊑ ( A2 ⊔ G2) (18)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Definition: Filtering equivalence of contracts Two contracts C1 = (A1,G1) and C2 = (A2,G2) are filtering equivalent, denoted (A1,G1) (A2,G2) if and only if: ((A1,G1) ❀(A2,G2)) ∧ ((A2,G2) ❀(A1,G1)) Corollary Two contracts C1 = (A1,G1) and C2 = (A2,G2) are filtering equivalent if and only if ( A1 ⊔ G1) = ( A2 ⊔ G2).

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Definition: Filtering equivalence of contracts Two contracts C1 = (A1,G1) and C2 = (A2,G2) are filtering equivalent, denoted (A1,G1) (A2,G2) if and only if: ((A1,G1) ❀(A2,G2)) ∧ ((A2,G2) ❀(A1,G1)) Corollary Two contracts C1 = (A1,G1) and C2 = (A2,G2) are filtering equivalent if and only if ( A1 ⊔ G1) = ( A2 ⊔ G2).

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Definition: Refinement of contracts Let C1 = (A1,G1) and C2 = (A2,G2) two contracts. The contract C1 refines the contract C2, written C1 C2, if and

• nly if the three following properties are satisfied:

(a) (A1,G1) ❀(A2,G2) (b) (A2 ⊑ A1) (c) (G1 ⊑ A1 ⊔ G2)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Corollary (C,) is a poset.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Special case If we suppose G1 is an abstraction of A1: (G1 ⊑ A1) then C1 C2, if and only if the three following properties are satisfied: (a) (A2 ⊓ G1) ⊑ G2 (b) (A2 ⊑ A1) (c) (G1 ⊑ A1)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Lemma: Greatest lower bound of contracts Two contracts C1 = (A1,G1) and C2 = (A2,G2) have a greatest lower bound C = (A,G) defined by: A = A1 ⊔ A2 (19) G = ((A1 ⊓ A2 ⊓ G1) ⊔ ( A1 ⊓ A2 ⊓ G2) ⊔ (G1 ⊓ G2)) (20) Lemma: Least upper bound of contracts Two contracts C1 = (A1,G1) and C2 = (A2,G2) have a least upper bound C = (A,G) defined by: A = A1 ⊓ A2 (21) G = ( A1 ⊓ G1) ⊔ ( A2 ⊓ G2) ⊔ (A1 ⊓ G2) ⊔ (A2 ⊓ G1) (22)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Lemma: Greatest lower bound of contracts Two contracts C1 = (A1,G1) and C2 = (A2,G2) have a greatest lower bound C = (A,G) defined by: A = A1 ⊔ A2 (19) G = ((A1 ⊓ A2 ⊓ G1) ⊔ ( A1 ⊓ A2 ⊓ G2) ⊔ (G1 ⊓ G2)) (20) Lemma: Least upper bound of contracts Two contracts C1 = (A1,G1) and C2 = (A2,G2) have a least upper bound C = (A,G) defined by: A = A1 ⊓ A2 (21) G = ( A1 ⊓ G1) ⊔ ( A2 ⊓ G2) ⊔ (A1 ⊓ G2) ⊔ (A2 ⊓ G1) (22)

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Contract

Corollary (C, ) is a distributive lattice with ({✵},P⋆) as supremum and (P⋆,{✵}) as infimum.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

The lattice of contracts filtering equivalent to (A,G) is presented using the following notations for filters: {✵} 4 A ⊓ e G 8 A ⊓ G 12 A 1 e A ⊓ e G 5 e G 9 (A ⊓ G) ⊔ (e A ⊓ e G) 13 A ⊔ e G 2 e A ⊓ G 6 (A ⊓ e G) ⊔ (e A ⊓ G) 10 G 14 A ⊔ G 3 e A 7 e A ⊔ e G 11 e A ⊔ G 15 P⋆

(4,11) (6,11) (15,11) (14,11) (13,11) (5,11) (A,11) (4,3) (4,9) (4,0) (4,2) (4,1) (4,8) (5,9) (7,11) (5,3) (6,3) (A,9) (6,2) (4,G) (6,G) (A,G) (5,1) (14,G) (A,8) (13,9) (7,3) A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

We illustrate the distinctive features of our contract algebra by considering the specification of a four-stroke engine and its translation into observers in the synchronous language Signal.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Timing diagram of 4-stroke engine cycle for one cylinder

The successive operation modes of a 4-stroke engine: Intake, Compression, Combustion and Exhaust. They are driven by the camshaft whose position is measured in degrees.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

We wish to define a contract to stipulate that intake always takes place in the first quarter on the camshaft revolution. AIntake = cam modulo 360◦ < 90 GIntake = Intake The complementary is simply defined by AIntake=cam modulo 360◦≥ 90. The generic structure of processes in contracts finds a direct instance and compositional translation into the synchronous multi-clocked model of computation of Signal. Aintake = true when (cam modulo 360 < 90) Gintake = true when intake default false

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

We wish to define a contract to stipulate that intake always takes place in the first quarter on the camshaft revolution. AIntake = cam modulo 360◦ < 90 GIntake = Intake The complementary is simply defined by AIntake=cam modulo 360◦≥ 90. The generic structure of processes in contracts finds a direct instance and compositional translation into the synchronous multi-clocked model of computation of Signal. Aintake = true when (cam modulo 360 < 90) Gintake = true when intake default false

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

We wish to define a contract to stipulate that intake always takes place in the first quarter on the camshaft revolution. AIntake = cam modulo 360◦ < 90 GIntake = Intake The complementary is simply defined by AIntake=cam modulo 360◦≥ 90. The generic structure of processes in contracts finds a direct instance and compositional translation into the synchronous multi-clocked model of computation of Signal. Aintake = true when (cam modulo 360 < 90) Gintake = true when intake default false

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Conclusion

1

We introduced the notion of process-filters.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Conclusion

1

We introduced the notion of process-filters.

2

A main result is that the structure of process-filters is a Boolean algebra.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Conclusion

1

We introduced the notion of process-filters.

2

A main result is that the structure of process-filters is a Boolean algebra.

3

and applied it to the specification of a component-based design process.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

1

Introduction Context Motivations Goals

2

A Model for Contracts Process Process-filter Contract

3

Use Case

4

Conclusion

5

Further work

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Further work

1

Develop a module system based on the paradigm of contract for a synchronous multi-clocked formalism, SIGNAL,

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche

Introduction A Model for Contracts Use Case Conclusion Further work

Further work

1

Develop a module system based on the paradigm of contract for a synchronous multi-clocked formalism, SIGNAL,

2

Develop a prototype of compiler for the language based on typing by contracts.

A Boolean algebra of contracts for assume-guarantee reasoning Yann Glouche