Piotr Hoffman

AGILE: Software Architecture for Mobility.

Architecture-based approaches have been promoted as a means of controlling the complexity of system construction and evolution, in particular for providing systems with the agility required to operate in turbulent environments and to adapt very quickly to changes in the enterprise world. Recent technological advances in communication and distribution have made mobility an additional factor of complexity, one for which current architectural concepts and techniques can be hardly used. The AGILE project is developing an architectural approach in which mobility aspects can be modelled explicitly and mapped on the distribution and communication topology made available at physical levels. The whole approach is developed over a uniform mathematical framework based on graph-oriented techniques that support sound methodological principles, formal analysis, and refinement. This paper describes the AGILE project and some of the results gained during the first project year.

Semantics of Architectural Specifications in CASL

We present a semantics for architectural specifications in CASL, including an extended static analysis compatible with model-theoretic requirements. The main obstacle here is the lack of amalgamation for CASL models. To circumvent this problem, we extend the CASL logic by introducing enriched signatures, where subsort embeddings form a category rather than just a preorder. The extended model functor has amalgamation, which makes it possible to express the amalgamability conditions in the semantic rules in static terms. Using these concepts, we develop the semantics at various levels in an institution-independent fashion.

Checking Amalgamability Conditions for C ASL Architectural Specifications

CASL, a specification formalism developed recently by the CoFI group, offers architectural specifications as a way to describe how simpler modules can be used to construct more complex ones. The semantics for Casl architectural specifications formulates static amalgamation conditions as a prerequisite for such constructions to be well-formed. These are non-trivial in the presence of subsorts due to the failure of the amalgamation property for the Casl institution. We show that indeed the static amalgamation conditions for Casl are undecidable in general. However, we identify a number of practically relevant special cases where the problem becomes decidable and analyze its complexity there. In cases where the result turns out to be PSPACE-hard, we discuss further restrictions under which polynomial algorithms become available. All this underlies the static analysis as implemented in the Casl tool set.

Amalgamation in the semantics of CASL

We present a semantics for architectural specifications in the Common Algebraic Specification Language (CASL), including an extended static analysis compatible with model-theoretic requirements. The main obstacle here is the lack of amalgamation for CASL models. To circumvent this problem, we extend the CASL logic by introducing enriched signatures, where subsort embeddings form a category rather than just a preorder. The extended model functor satisfies the amalgamation property as well as its converse, which makes it possible to express the amalgamability conditions in the semantic rules in static terms. Using these concepts, we develop the semantics at various levels in an institution-independent fashion. Moreover, amalgamation for enriched CASL means that a variety of results for institutions with amalgamation, such as computation of normal forms and theorem proving for structured specifications, can now be used for CASL.

Verifying Architectural Specifications

In this paper we develop methods for verifyingthe correctness of architectural specifications, a mechanism introduced in the Casl specification language. This mechanism offers a formal way to express implementation steps in program development. Each such step states that to implement the unit of interest, one may implement some other units and then assemble them in the prescribed manner. In this paper we define a formal institution-independent semantics of architectural specifications, as well as sound and complete methods for provingthem correct, applicable in the case of many institutions, in particular first-order logic.

A PROOF OF ISBELL’S ZIGZAG THEOREM

We provide a short, intuitive proof of Isbell’s zigzag theorem. 2000 Mathematics subject classification: 20M50.

Verifying Generative CASL Architectural Specifications

We present a proof-calculus for architectural specifications, complete w.r.t. their generative semantics. Architectural specifications, introduced in the Casl specification language, are a formal mechanism for expressing implementation steps in program development. They state that to implement a needed unit, one may implement some other units and then assemble them in the prescribed manner; thus they capture modular design steps in the development process. We focus on developing verification techniques applicable to full Casl architectural specifications, which involves, inter alia, getting around the lack of amalgamation in the Casl institution.

Union of equational theories: an algebraic approach

We consider the well-known problem of deciding the union of decidable equational theories. We focus on monadic theories, i.e., theories over signatures with unary function symbols only. The equivalence of the category of monadic equational theories and the category of monoids is used. This equivalence facilitates a translation of the considered decidability problem into the word problem in the pushout of monoids which themselves have decidable word problems. Using monoids, existing results on the union of theories are then restated and proved in a succint way. The idea is then analyzed of first guaranteeing that the union is a “jointly conservative” extension and then using this property to show decidability of the union. It is shown that “joint conservativity” is equivalent to the corresponding monoid amalgam being embeddable; this allows one to apply results from amalgamation theory to this problem. Then we prove that using this property to show decidability is a more difficult matter: it turns out that even if this property and some additional conditions hold, the problem remains undecidable.

Reachability in unions of commutative rewriting systems is decidable

We consider commutative string rewriting systems (Vector Addition Systems, Petri nets), i.e., string rewriting systems in which all pairs of letters commute.We are interested in reachability: given a rewriting system R and words v and w, can v be rewritten to w by applying rules from R? A famous result states that reachability is decidable for commutative string rewriting systems. We show that reachability is decidable for a union of two such systems as well. We obtain, as a special case, that if h : U → S and g : U → T are homomorphisms of commutative monoids, then their pushout has a decidable word problem. Finally, we show that, given commutative monoids U, S and T satisfying S ∩ T = U, it is decidable whether there exists a monoid M such that S ∪ T ⊆ M; we also show that the problem remains decidable if we require M to be commutative, too.

Datatypes in memory

Besides functional correctness, specifications must describe other properties of permissible implementations. We want to use simple algebraic techniques to specify resource usage alongside functional behaviour. In this paper we examine the space behaviour of datatypes, which depends on the representation of values in memory. In particular, it varies according to how much values are allowed to overlap, and how much they must be kept apart to ensure correctness for destructive space-reusing operations. We introduce a mechanism for specifying datatypes represented in a memory, with operations that may be destructive to varying degrees. We start from an abstract model notion for data-in-memory and then show how to specify the observable behaviour of models. The method is demonstrated by specifications of lists-in-memory and pointers; with a suitable definition of implementation, we show that lists-in-memory may be implemented by pointers. We then present a method for proving implementations correct and show that it is sound and, under certain assumptions, complete.