Richer interface automata with optimistic and pessimistic compatibility

Abstract

Modal transition systems are a popular semantic underpinning of interface theories, such as Nyman et al.’s IOMTS and Bauer et al.’s MIO, which facilitate component-based reasoning for concurrent systems. Our interface theory MIA repaired a compositional flaw of IOMTS-refinement and introduced a conjunction operator. In this paper, we first modify MIA to properly deal with internal computations including internal must-transitions, which were largely ignored already in IOMTS. We then study a MIA variant that adopts MIO’s pessimistic—rather than IOMTS’ optimistic—view on component compatibility and define, for the first-time in a pessimistic, non-deterministic setting, conjunction and disjunction on interfaces. For both the optimistic and pessimistic MIA variant, we also discuss mechanisms for extending alphabets when refining interfaces, which is a desired feature for perspective-based specification. We illustrate our advancements via a small example.

Appendix: Proof of Lemma 4(b)–(e)

Proof of Part (b). We show by induction on \(k\) that there exists a \(\overline{P}_k\) such that . Part (a) implies the case \(k=1\). Assume the claim holds for \(k\). Now, there are two cases: if \(p_{k+1} \notin \overline{P}_k\), then \(\overline{P}_{k+1} = \overline{P}_k \subseteq (P'{\setminus }\{p_1, \ldots , p_{k+1}) \cup \,\bigcup _{i=1}^{k+1} P_i\). Otherwise, by Part (a). Hence, \(\overline{P}_{k+1} \subseteq (((P'{\setminus }\{p_1, \ldots , p_k\}) \cup \,\bigcup _{i=1}^{k} P_i){\setminus }\{p_{k+1}\}) \cup P_{k+1} \subseteq (P'{\setminus }\{p_1, \ldots , p_{k+1}) \cup \,\bigcup _{i=1}^{k+1} P_i\). \(\square \)

Proof of Part (c). The proof proceeds by induction on the overall number of applications of Definition 2(a’). If this is \(0\), then \(\overline{P} =_{\text {df}}\bigcup _{i=1}^{n} P_i\). Otherwise, assume w.l.o.g. that , \(p_1 \in P''_1\), \(p_1 {\mathop {\longrightarrow }\limits ^{\tau }} P''\) and \(P'_1 = (P''_1{\setminus }\{p_1\}) \cup P''\). By induction hypothesis, there exists a \(\hat{P}\) such that . If \(p_1 \notin \hat{P}\), then \(\hat{P} \subseteq \,\bigcup _{i=1}^{n} P'_i\) and we are done. Otherwise, . Since \(\hat{P}\subseteq P''_1 \cup \,\bigcup _{i=2}^{n} P'_i\) implies \(\hat{P}{\setminus }\{p_1\} \subseteq (P''_1{\setminus }\{p_1\}) \cup \,\bigcup _{i=2}^{n} P'_i\), we obtain \(\overline{P} \subseteq \bigcup _{i=1}^{n} P'_i\). \(\square \)

Proof of Part (d). The proof is by induction on the derivation of . For \(P=P'\), choose \(\overline{P} =_{\text {df}}P''\). Otherwise, assume , \(p\in \hat{P}\), \(p {\mathop {\longrightarrow }\limits ^{\tau }} \hat{P}'\) and \(P' = (\hat{P}{\setminus }\{p\}) \cup \hat{P}'\). By induction hypothesis, there exists a \(\overline{P}'\) such that . If \(p \notin \overline{P}'\), then \(\overline{P}'\subseteq P'\) and we are done. Otherwise, \(\overline{P} =_{\text {df}}(\overline{P}'{\setminus }\{p\}) \cup \hat{P}'\subseteq P'\). \(\square \)

Proof of Part (e). For \(1 \le i \le n\), we have such that \(p_j^i {\mathop {\longrightarrow }\limits ^{o}} P_j^i\) for \(1 \le j \le k_i\), and can derive from by repeated application of Definition 2(a), i.e., . By Part (d), we get for each \(P_j^i\) a \(P_j^{'i}\) such that .

When applying Part (b), we obtain some \(\hat{P}\) such that . With Definition 2(b) we get , where \(U\) is the union of some of the \(P_j^i\). Taking these \(P_j^i\) as the \(P_i\) in Part (c) yields such that \(\overline{P}\) is contained in the union of the resp. \(P_j^{'i}\) and, thus, in \(\bigcup _{i=1}^{n} P_i\). \(\square \)