10 likes | 132 Views
Ben Lickly Stavros Tripakis. Interface Theories in Ptolemy II. Divide. x. z. composite interface. composite interface. x. y. y. x. y. z. w. Interface Theories. Composition by feedback. Checking Compositions. Acknowledgement
E N D
Ben Lickly Stavros Tripakis Interface Theories in Ptolemy II Divide x z composite interface composite interface x y y x y z w Interface Theories Composition by feedback Checking Compositions Acknowledgement This work was supported in part by the Center for Hybrid and Embedded Software Systems (CHESS) at UC Berkeley, which receives support from the National Science Foundation (NSF awards #0720882 (CSR-EHS:PRET) and #0720841 (CSR-CPS)), the U. S. Army Research Office (ARO#W911NF-07-2-0019), the U. S. Air Force Office of Scientific Research (MURI #FA9550-06-0312), the Air Force Research Lab (AFRL), the State of California Micro Program, and the following companies: Agilent, Bosch, HSBC, Lockheed-Martin, National Instruments, and Toyota. In addition, compositions of interfaces are also defined formally. Thus we should be able to compose and check compositions of interfaces automatically with Yices as well. A • Interface theory defines how to abstract and prove properties about components and their compositions. • This allows for modular and reusable designs. B x A, φ1 y A’ A must be Moore with respect to input x: i.e., the contract of A does not depend on x Composition by connection B’ • Input assumptions: set of legal input assignments (1) If A’ A and B’ B, then A’ • B’A • B. (2) If A’ A and A satisfies P then A’ satisfies P. Theoretical results x A, φ1 y z B, φ2 w composition satisfaction Interface Definition • Refinement preserved by composition: • If A’ ≤ A and B’ ≤ B then θ(A’,B’) ≤ θ(A,B) • θ is a composition by connection • If A’ ≤ A then κ(A’) ≤ κ(A) • κ is a composition by feedback • Both A and A’ must be Moore • Refinement does not necessarily preserve Mooreness • E.g., (y = 2x) refines (y mod 2 = 0) • Refinement characterizes pluggability: • A’ ≤ A iff for all environments E, pluggable(A,E) implies pluggable(A’,E) • Note that this is iff Contract is relation between input and output assignments Set of output variables Set of input variables Connection example I Set of all assignments of variables in X Set of all assignments of variables in Y Contract Future Work A(X) A(Y) Implementation • Extend the theory • More flexibility in feedback • Use Ptolemy models to record different theories • Improve the Ptolemy implementation • Infer the order of compositions in a large graph. • Express and check refinement relationships. In this project, we connect Ptolemy II to the Yices SMT solver. Here, interfaces can be expressed as Ptolemy expressions, which are parsed and converted into a form that Yices accepts. The interfaces can then be checked for satisfiability. Division example Center for Hybrid and Embedded Software Systems