Interface Theories in Ptolemy II
-
Upload
valentine-glover -
Category
Documents
-
view
25 -
download
4
description
Transcript of Interface Theories in Ptolemy II
http://chess.eecs.berkeley.edu/
February 11, 2010 Center for Hybrid and Embedded Software Systems
Interface Theories in Ptolemy II
Ben LicklyStavros Tripakis
AcknowledgementThis work was supported in part by the Center for Hybrid and Embedded Software Systems (CHESS) at UC Berkeley, which receives support from the National Science Foundation (NSF awards #0720882 (CSR-EHS:PRET) and #0720841 (CSR-CPS)), the U. S. Army Research Office (ARO#W911NF-07-2-0019), the U. S. Air Force Office of Scientific Research (MURI #FA9550-06-0312), the Air Force Research Lab (AFRL), the State of California Micro Program, and the following companies: Agilent, Bosch, HSBC, Lockheed-Martin, National Instruments, and Toyota.
• Input assumptions: set of legal input assignments
:)( Yin
Composition by connection
A, φ1 B, φ2 x y z w
)(: 21 zy
)()(:,: 21 inzyzy
Composition by feedback
A, φ1x y
A must be Moore with respect to input x:i.e., the contract of A does not depend on x
)(: 1 yx
compositeinterface
xy
Future Work• Extend the theory
– More flexibility in feedback– Use Ptolemy models to record different
theories
• Improve the Ptolemy implementation– Infer the order of compositions in a large
graph.– Express and check refinement relationships.
(x 1 y 1) z0 w z (y z) x 1
compositeinterface
xyzw
Interface Theories
BA
A’ B’
(1) If A’ A and B’ B, then A’ • B’ A • B.
(2) If A’ A and A satisfies P then A’ satisfies P.
satisfaction composition
Interface Definition
Set of output variables
I
X Y
Set of input variables
Contract
),,( YXI
Divide({x,y},{z},y 0 zx
y)
Dividex
y z
Division example
Set of all assignmentsof variables in X
Set of all assignmentsof variables in Y
A(X) A(Y)
Contract is relation between input and output assignments
Connection example
• Interface theory defines how to abstract and prove properties about components and their compositions.
• This allows for modular and reusable designs.
In this project, we connect Ptolemy II to the Yices SMT solver. Here, interfaces can be expressed as Ptolemy expressions, which are parsed and converted into a form that Yices accepts. The interfaces can then be checked for satisfiability.
Implementation
Checking Compositions In addition, compositions of interfaces are also
defined formally. Thus we should be able to compose and check compositions of interfaces automatically with Yices as well.
Theoretical results• Refinement preserved by composition:
– If A’ ≤ A and B’ ≤ B then θ(A’,B’) ≤ θ(A,B)• θ is a composition by connection
– If A’ ≤ A then κ(A’) ≤ κ(A)• κ is a composition by feedback• Both A and A’ must be Moore• Refinement does not necessarily preserve Mooreness
– E.g., (y = 2x) refines (y mod 2 = 0)
• Refinement characterizes pluggability:– A’ ≤ A iff for all environments E, pluggable(A,E)
implies pluggable(A’,E)• Note that this is iff