Environment-Centric Contracts for Design of Cyber-Physical Systems

  • Jonas Westman
  • Mattias Nyberg
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8767)


A contract splits the responsibilities between a component and its environment into a guarantee, which expresses an intended property under the responsibility of the component, and assumptions, which the environment must fulfill for the guarantee to apply. Although current contract theories are limited to expressing contracts over the interfaces of components, specifications that are not limited to interfaces are used in practice and are needed in order to properly express safety requirements. A framework is therefore presented that generalizes current contract theory to environment-centric contracts, i.e. contracts that are not limited to the interface of a component. The framework includes revised definitions of properties of contracts, as well as theorems that specify the exact conditions under which these properties hold. Furthermore, constraints are introduced that limit the ports over which an environment-centric contract may be expressed; these constraints constitute necessary conditions for the guarantee of the contract to hold in an architecture.


Keywords: Environment-Centric Contracts; Architecture





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jonas Westman (1)
  • Mattias Nyberg (1, 2)
  1. Royal Institute of Technology (KTH), Stockholm, Sweden
  2. Scania, Södertälje, Sweden
