Section: New Results
Specification enforcing refinement for convertibility verification
Protocol conversion deals with the automatic synthesis of an additional component or glue logic, often referred to as an adaptor or an interface , to bridge mismatches between interacting components, often referred to as protocols . A formal solution, called convertibility verification, has been recently proposed, which produces such a glue logic, termed as a converter , so that the parallel composition of the protocols and the converter also satisfies some desired specification. A converter is responsible for bridging different kinds of mismatches such as control , data , and clock mismatches. Mismatches are usually removed by the converter (similar to controllers in supervisory control of discrete event systems) by disabling undesirable paths in the protocol composition.
We have formulated a generalization of this convertibility verification problem, by using a new refinement relation called Specification Enforcing Refinement (SER) between a protocol composition and a desired specification. The existence of such a refinement is shown to be a necessary and sufficient condition for the existence of suitable a converter. We have also proposed an approach to automatically synthesize a converter if a SER refinement relation exists. The proposed converter is capable of the usual disabling actions to remove undesirable paths in the protocol composition. In addition, the converter can perform forcing actions when disabling alone fails to find a converter to satisfy the desired specification. Forcing allows the generation of control inputs in one protocol that are not provided by the other protocol. Forcing induces state-based hiding , an operation not achievable using discrete event systems control theory.
Compositional strategy mapping
In the context of our work on compositionality and reconfigurability, we are studying the issue of implementing a component system on a lower-level platform. With the increasing complexity of embedded systems, coupled with the need for faster time-to-market and high confidence in the reliability of the product, design methods that ensure correctness by construction are, when available, the solution of choice. When dealing with reactive systems, which interact with their environment, the behavior of the system to be designed has to be considered in terms of strategies : can some desired behavior be enforced in spite of the — potentially non cooperative — environment?
Computing a strategy satisfying some property is expensive, and although modular and compositional controller synthesis have been studied for some decades, this remains a hard problem. In particular, progress properties are notoriously more difficult to tackle compositionally than safety properties.
We are interested in a design flow supporting the refinement of strategies, rather than in controller synthesis performed on some given level of abstraction. We consider a platform-based design process consisting of successive mapping steps  . The goal of each step is to constructively map a strategy constructed so far onto a lower-level platform. The mapping is performed component-wise, using an abstraction of the environment of each component. We have developed compositionality results ensuring that the refinement carries over to the global strategy  .
As the analysis of reachability properties is often crucial to understand the behavior of complex systems, we consider reach strategies as a special case of strategies. Reach strategies generalize the notion of acyclic paths in closed systems, ensuring reachability under control of a set of states.
We are investigating a contract-based design flow where contracts are tuples (assumption, guarantee) of modal automata. The consideration of modalities allows us to specify the level of certainty and hence quality of service constraints. The composition operation on contracts, based on residuation, has been defined so as to satisfy the properties of correctness, completeness (under some reasonable sufficient condition), associativity, and stepwise refinement. We are currently studying a design flow supporting multiple aspects and shared refinement, based on this composition operation, and its application to the BIP component framework.