in Proc. AMAST'96, Springer-Verlag, in print
On the Emergence of Properties in Component-Based Systems(*)

J.L. Fiadeiro
Department of Informatics, Faculty of Sciences, University of Lisbon, Campo Grande, 1700 Lisboa, PORTUGAL

Abstract. When several components are interconnected to form a complex system, they may exhibit more properties (individually) than they had when considered in isolation. When we consider a category SPEC of component specifications taken as theories in some logic, properties are expressed as sentences of the underlying logic, and emergence of properties can be characterised by the fact that the morphisms that connect component specifications to the system specification are not conservative. Depending on the relationship that can be established between SPEC and a corresponding category PROG of programs, we show that such emergence phenomena can be interpreted in more than one way: (1) considering an individual component, the rest of the system is acting as a "regulator" for that component which, therefore, has a more constrained behaviour and exhibits more properties; (2) the overall good behaviour of the system requires cooperation of the components (some sort of sociability with regard to the rest of the system) which gives rise to the emergence of new properties. Some of these forms of sociability are characterised and related to well known properties of concurrent systems such as fairness and, more generally, to the assumptions that are made on the environment in rely-guarantee styles of specification.
1 Introduction

In the early 70's, J. Goguen proposed the use of categorical techniques in General Systems Theory for unifying a variety of notions of system behaviour and their composition techniques [Goguen 71, 73, Goguen and Ginali 78]. His approach has been summarised in a very simple but far reaching principle: "given a category of widgets, the operation of putting a system of widgets together to form a super-widget corresponds to taking a colimit of the diagram of widgets that shows how to interconnect them". These principles were originally formulated in the context of mathematical models of system behaviour. Similar principles were later applied in the context of program development as a means of modularising the specification of abstract data types. The seminal paper of Burstall and Goguen – "Putting theories together to make specifications" [Burstall and Goguen 77] – and subsequent work on the theory of institutions [Goguen and Burstall 92] show that theories (or theory presentations) of a logic (institution) can be used as building blocks in the construction of structured specifications, category theory providing the mathematical framework in which operations on specifications are formalised [Sannella and Tarlecki 88].

(*) This work was partially supported by the Esprit WG 8319 (MODELAGE), the HCM Scientific Network CHRX-CT92-0054 (MEDICIS), and contract PRAXIS XXI 2/2.1/MAT/46/94 (ESCOLA).
The same principles have been applied to the algebraic specification of reactive systems by using typical logics for concurrent system specification, such as temporal logic [Manna and Pnueli 91]. In this approach [Fiadeiro and Maibaum 92], the specification of a system of interconnected components is given as a diagram showing how the specifications of the individual components are interconnected, the colimit of this diagram providing a specification of their joint behaviour. In [Fiadeiro and Maibaum 92], we further showed how some typical phenomena of concurrent system behaviour, such as starvation, can be given an algebraic characterisation in terms of the conservativeness of the morphisms that connect each object to the system of which it is a component. Basically, we showed that the emergence of properties in the language of a component as theorems of the system could be diagnosed as a lack of co-operation between the components of the system and, hence, as a source of conflicts in their implementations. In this paper, we resume the study of such emergence phenomena and investigate the relationships that may exist between the structural properties of specification logics and of the programming languages that are chosen to realise them, reflecting the fact that any categorical formalisation of modularity in system development has to take into account the relationship between these two levels – specifications and their realisations. More precisely, we show that compositionality, the key property for achieving modularity and incrementality in system development, can be characterised, algebraically, through the existence of a functor relating two development levels. Finally, we show how rely-guarantee styles of specification result from weaker structural relationships between two such levels. Having this in mind, the paper proceeds as follows. 
In section 2, we review the categorical approach to reactive system specification proposed in [Fiadeiro and Maibaum 92] and illustrate the phenomenon of emergence of properties. In section 3, adapting from [Fiadeiro and Maibaum 95, 96], we introduce programs in the language COMMUNITY and formalise their parallel composition in a categorical framework. Finally, in section 4, we formalise the notion of compositionality in this categorical framework and relate certain emergence phenomena to the lack of compositionality and to rely/guarantee styles of specification.
2 Interconnections of Specifications and Emergence

We shall use linear temporal logic as a specification formalism. We define this logic in the style of institutions [Goguen and Burstall 92]:

Definition 2.1: The linear temporal logic institution LTL is defined as follows:
• its category of signatures is SET.
• the grammar functor defines, for every signature Σ, the set of linear temporal propositions LTL(Σ) as follows: φ ::= a | (¬φ) | (φ ⊃ ψ) | beg | (φ U ψ) for a∈Σ. A signature morphism f:Σ→Σ' induces the translation f: LTL(Σ)→LTL(Σ') defined as follows:
f(φ) ::= f(a) | ¬f(φ) | f(φ) ⊃ f(ψ) | beg | f(φ) U f(ψ).
• the model functor is defined as follows: for every signature Σ, a Σ-model consists of a mapping M: Σ→2^ω. We denote by Mod(Σ) the set of all Σ-models. Given a signature morphism f:Σ→Σ', for every M∈Mod(Σ') we define M|f∈Mod(Σ) by M|f(a)=M(f(a)).
• the satisfaction relation is defined as follows: a Σ-proposition φ is said to be true in a Σ-model M at instant i∈ω (which we write (M,i) ⊨_Σ φ) iff:
– for all a∈Σ, (M,i) ⊨_Σ a iff i∈M(a);
– (M,i) ⊨_Σ ¬φ iff (M,i) ⊭_Σ φ;
– (M,i) ⊨_Σ φ⊃ψ iff (M,i) ⊨_Σ φ implies (M,i) ⊨_Σ ψ;
– (M,i) ⊨_Σ beg iff i=0;
– (M,i) ⊨_Σ φUψ iff there exists j>i such that (M,j) ⊨_Σ ψ and, for all k such that i
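The following is an added example, not code from the paper, that makes Definition 2.1 executable: the grammar of LTL(Σ), the translation induced by a signature morphism f, the reduct M|f of a model, and the satisfaction relation clause by clause, followed by a check of the institution's satisfaction condition ((M|f, i) ⊨_Σ φ iff (M, i) ⊨_Σ' f(φ)) on a constructed sample. Two things are assumptions not stated on the page: models M: Σ→2^ω are represented as ultimately periodic traces (a finite prefix followed by a loop), which lets the search in the until clause terminate exactly rather than be truncated; and the until clause, which the page cuts off, is taken in its strict form (some j>i satisfies ψ and every k with i<k<j satisfies φ). All names (Prop, Model, holds, satisfaction_condition, the signatures {a, b} and {x, y, z}) are the example's own.

```python
# Added example (not from the paper): Definition 2.1 made executable.
# Assumptions not stated on the page: models are ultimately periodic traces
# (prefix + loop), and the until clause, cut off on the page, is read in its
# strict form: some j>i satisfies ψ and every k with i<k<j satisfies φ.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Union

# Grammar of LTL(Σ):  φ ::= a | ¬φ | φ ⊃ ψ | beg | φ U ψ
@dataclass(frozen=True)
class Prop:
    name: str

@dataclass(frozen=True)
class Not:
    phi: "Formula"

@dataclass(frozen=True)
class Impl:
    phi: "Formula"
    psi: "Formula"

@dataclass(frozen=True)
class Beg:
    pass

@dataclass(frozen=True)
class Until:
    phi: "Formula"
    psi: "Formula"

Formula = Union[Prop, Not, Impl, Beg, Until]


def translate(f: Dict[str, str], phi: Formula) -> Formula:
    """LTL(Σ) → LTL(Σ') induced by f: Σ → Σ': atoms renamed, connectives kept."""
    if isinstance(phi, Prop):
        return Prop(f[phi.name])
    if isinstance(phi, Not):
        return Not(translate(f, phi.phi))
    if isinstance(phi, Impl):
        return Impl(translate(f, phi.phi), translate(f, phi.psi))
    if isinstance(phi, Beg):
        return phi
    return Until(translate(f, phi.phi), translate(f, phi.psi))


class Model:
    """A Σ-model M: Σ → 2^ω stored as the trace it induces: a ∈ state(i) iff i ∈ M(a)."""

    def __init__(self, prefix: List[FrozenSet[str]], loop: List[FrozenSet[str]]):
        if not loop:
            raise ValueError("loop must be non-empty: the trace is infinite")
        self.prefix, self.loop = prefix, loop

    def state(self, i: int) -> FrozenSet[str]:
        if i < len(self.prefix):
            return self.prefix[i]
        return self.loop[(i - len(self.prefix)) % len(self.loop)]

    def reduct(self, f: Dict[str, str]) -> "Model":
        """M|f with M|f(a) = M(f(a)): a holds at i iff f(a) holds at i."""
        pull = lambda s: frozenset(a for a, b in f.items() if b in s)
        return Model([pull(s) for s in self.prefix], [pull(s) for s in self.loop])


def holds(M: Model, i: int, phi: Formula) -> bool:
    """(M, i) ⊨_Σ φ, clause by clause as in Definition 2.1."""
    if isinstance(phi, Prop):
        return phi.name in M.state(i)
    if isinstance(phi, Not):
        return not holds(M, i, phi.phi)
    if isinstance(phi, Impl):
        return (not holds(M, i, phi.phi)) or holds(M, i, phi.psi)
    if isinstance(phi, Beg):
        return i == 0
    # Strict until. From instant max(1, len(prefix)) on, truth values repeat with
    # period len(loop), so if any witness j > i exists the least one lies within
    # the horizon below; the least witness has the fewest intermediate k to check.
    horizon = i + max(1, len(M.prefix)) + len(M.loop)
    for j in range(i + 1, horizon + 1):
        if holds(M, j, phi.psi):
            return all(holds(M, k, phi.phi) for k in range(i + 1, j))
    return False


def satisfaction_condition(M_prime: Model, f: Dict[str, str], phi: Formula, upto: int) -> bool:
    """Satisfaction condition at instants 0..upto: (M'|f, i) ⊨_Σ φ iff (M', i) ⊨_Σ' f(φ)."""
    M = M_prime.reduct(f)
    return all(holds(M, i, phi) == holds(M_prime, i, translate(f, phi))
               for i in range(upto + 1))


# Constructed sample: Σ = {a, b}, Σ' = {x, y, z}, f = {a ↦ x, b ↦ y}.
# Over Σ', x and y alternate for four instants, then only z holds, forever.
F = {"a": "x", "b": "y"}
S = lambda *atoms: frozenset(atoms)
M_PRIME = Model(prefix=[S("x", "z"), S("y", "z"), S("x", "z"), S("y", "z")], loop=[S("z")])
M_SIGMA = M_PRIME.reduct(F)          # states {a}, {b}, {a}, {b}, then {} forever
a, b = Prop("a"), Prop("b")
A_UNTIL_B = Until(a, b)              # holds at 0 and 2, fails from 3 on
```

The reduct is where the institution view pays off: M|f is computed once from the Σ'-model, and the satisfaction condition then guarantees that any Σ-property checked on the reduct agrees with its translation checked on the full model, which is exactly what lets a component's specification be reasoned about in its own language while it lives inside a larger system.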