1
Interface Automata 29-September-2011
2
Modeling Temporal Behavior of Component
Component behaves with Environment
Traditional (pessimistic) approach
  – Environment is free to behave as it wants to
  – Two components are compatible if no environment leads them into an error state
Optimistic approach of Interface Automata
  – Components designed with assumptions about environment
  – Two components are compatible if some environment can make both of them work together
In context of this course
  – Write code ONCE and know that it works
3
Interface Automata
Interaction specified by synchronizing input and output actions
  – Internal actions of concurrent automata are interleaved asynchronously
Input actions
  – Model methods that can be called
  – Receiving ends of communication channels
Output actions
  – Model method calls
  – Messages being transmitted
  – Exceptions
Component designed under environmental assumptions
  – i.e., an object works if methods called in specific order
4
Sample Automata
Internal state machine externally invisible
Labels
  – msg? means message received
  – send! means action sent out
  – Dot/arrow on interface specifies in- or out-connection
  – Internal transitions are arrows between states based upon interface interactions
Let’s discuss possible valid/invalid interactions
5
Sample Interface Automata
User
  – Designed to be used only with message-transmission services that cannot fail
6
Comp User
Compose Comp with User
  – msg? and msg! collapsed to msg;
  – Error state 6 upon second failed nack?
Composition
  – Note how a “new” automaton is created from the composition with its own In/Out actions
Handling errors
  – Why does 6 have no exiting arrows?
  – Declared “Illegal” state(s)
7
Interface Automata
Definition in paper
  – Review page 113
Compatibility and Composition
  – All independent actions are asynchronous
  – All shared actions force automata to synchronize state transitions
Two automata P and Q are composable if
  – They don’t share states
  – There is no duplication of Input or Output actions
  – That is, “shared” means pairing Input with Output
8
Component Product
Review Definition (p114)
Legal environments
  – Steers away from Illegal states
  – How to specify? Use an Interface Automaton!
Environment Automaton E
  – E is composable with R and non-empty
  – Input of E is the output of R
  – Illegal(R, E) =
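An added example (not from the slides or the paper) that builds the product of two interface automata, marks its illegal states and runs the optimistic compatibility check described on the Composition and Component Product slides. The Comp and User transition tables are reconstructed from the slide text, so their state numbers and the ok/fail actions are assumptions; BROKEN is a hypothetical contrast case, and internal actions are left out.

```python
from collections import namedtuple

IA = namedtuple("IA", "init inputs outputs trans")  # trans: (state, action) -> next state
# Constructed models: state numbers and the ok/fail actions are assumptions.
COMP = IA(0, {"msg", "ack", "nack"}, {"send", "ok", "fail"}, {
    (0, "msg"): 1, (1, "send"): 2, (2, "ack"): 5, (2, "nack"): 3, (3, "send"): 4,
    (4, "ack"): 5, (4, "nack"): 6, (5, "ok"): 0, (6, "fail"): 0})
USER = IA(0, {"ok", "fail"}, {"msg"}, {(0, "msg"): 1, (1, "ok"): 0})
# Hypothetical service that reports failure without ever trying to send.
BROKEN = IA(0, {"msg"}, {"fail"}, {(0, "msg"): 6, (6, "fail"): 0})

def composable(p, q):
    return not (p.inputs & q.inputs) and not (p.outputs & q.outputs)  # no duplicated I/O

def product(p, q):
    """Explore reachable product states; collect transitions and illegal states."""
    shared = (p.inputs & q.outputs) | (p.outputs & q.inputs)
    start = (p.init, q.init)
    trans, illegal, seen, todo = {}, set(), {start}, [start]
    while todo:
        s = a, b = todo.pop()
        for act in sorted(p.inputs | p.outputs | q.inputs | q.outputs):
            pn, qn = p.trans.get((a, act)), q.trans.get((b, act))
            if act in shared:
                sender, receiver = (pn, qn) if act in p.outputs else (qn, pn)
                if sender is not None and receiver is None:
                    illegal.add(s)      # output offered, matching input not accepted
                if sender is None or receiver is None:
                    continue            # shared actions only fire in lockstep
            elif pn is None and qn is None:
                continue
            nxt = (a if pn is None else pn, b if qn is None else qn)
            trans[(s, act)] = nxt
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return trans, illegal, shared

def compatible(p, q):
    """Optimistic check: can some environment keep the product out of illegal states?"""
    trans, illegal, shared = product(p, q)
    env_inputs = (p.inputs | q.inputs) - shared   # the only steps an environment controls
    bad = set(illegal)
    while True:   # backward closure over steps the environment cannot withhold
        more = {s for (s, act), nxt in trans.items()
                if nxt in bad and act not in env_inputs} - bad
        if not more:
            return (p.init, q.init) not in bad, bad
        bad |= more
```

`compatible(COMP, USER)` returns `True` with `(6, 1)` as the only state to avoid, because a legal environment can withhold the second nack. `compatible(BROKEN, USER)` returns `False`, since the illegal state is reached through the shared msg step alone.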
9
Example
Channel wraps error-prone send (ack/nack) with an error-free get_token / put_token to ensure delivery
  – Parse this from the graphics
10
Final Notation
Automata Product Composition: Comp User
Restricted Composition: Comp || User
Nice features of composition
  – Associative (P || Q) || R == P || (R || Q) if either is defined
  – Some automata cannot be composed in this restrictive way
11
Refinement
Consider relation between abstract and concrete version of a component
QuickComp (next slide)
  – Provides try-twice msg service
  – Provides try-once once service
Shouldn’t QuickComp be considered a refinement of Comp?
12
QuickComp Comp QuickComp means QC refines C
13
Contravariance
Refined automata must allow for (possibly) more legal inputs and (possibly) fewer outputs
  – Weaken the pre-condition
  – Strengthen the post-condition
Notion of alternating simulation
  – Q refines P if
    – all input steps of P can be simulated by Q
    – all output steps of Q can be simulated by P
  – works because internal state transitions are invisible to external viewers
Captures a simple kind of subclassing
  – If Q refines P then implementation Q is able to provide more services than specification P
  – Q must be consistent with P on shared services
14
More definitions
Transitive: Q refines P and R refines Q
  – If P Q and Q R then P R
Reflexive: P refines P
  – P P
Refinement and compatibility are related
  – Replace P with Q if (a) P and Q are connected to the environment by same input/output; and (b) P Q
15
Refinement is Compositional
Is P||R S||T?
  – One need only check two smaller cases
  – Is P S?
  – Is R T?
Compositional reasoning is the key to dealing with large scale systems
16
Refinement and Composition
Given interface automata P, Q, and R where
  – Q and R are composable
  – Input Q Output R Input P Output R
If P and R are compatible and P Q
  – Q and R are compatible
  – P||R Q||R
17
Single-Threaded Interface Automata
Many compositions can be restricted to single-threaded
  – Client makes request (and then blocks); during this time client cannot alter state
  – Server receives request and once it has responded, it becomes quiescent and won’t alter state
See Figure 7
18
Single-Threaded vs. Multi-Threaded