A compositional model for layered distributed systems

  • Kenneth J. Goldman
Selected Presentations
Part of the Lecture Notes in Computer Science book series (LNCS, volume 527)


Composition and layering are important mechanisms for constructing modular descriptions of distributed systems. Composition is a symmetric operator that allows system components to communicate with each other across module boundaries. Layering is an asymmetric relationship that allows one system component to observe the state of another.

Both composition and layering are useful in formal models of distributed systems. For example, Lynch and Tuttle define a composition operator for the I/O automaton model that has associated compositionality properties guaranteeing, for example, that when an execution of a composition is projected on each of its components, the result is a set of executions of the components. Such compositionality properties are important for constructing modular correctness proofs for distributed algorithms. Chandy and Misra define a layering mechanism, called superposition, for the UNITY programming model. They define superposition as a program transformation that adds a layer on top of a program such that all properties of the original program are preserved, again supporting modular correctness proofs.

It would seem desirable to mix the notions of composition and layering in formal descriptions of complex distributed systems. However, while UNITY provides a superposition operator, its union operator for combining programs lacks compositionality properties. Conversely, the I/O automaton model provides compositionality properties but offers no support for constructing the kinds of layered systems we have described. In this paper, the I/O automaton model of Lynch and Tuttle is extended to permit superposition of program modules. This results in a unified model that supports both composition and layering. We show that our superposition operator does not affect the set of executions of the underlying module, thus preserving all properties of that module. The extended model also includes a formal specification mechanism for layered systems that allows the set of correct behaviors of the higher layer to be expressed in terms of the states of the lower layer.






  1. K. Mani Chandy and Leslie Lamport. Distributed snapshots: Determining global states of distributed systems. ACM Transactions on Computer Systems, 3(1):63–75, February 1985.
  2. K. Mani Chandy and Jayadev Misra. A Foundation of Parallel Program Design. Addison-Wesley, Reading, MA, 1988.
  3. Kenneth Goldman and Nancy Lynch. Modelling shared state in a shared action model. In Proceedings of the 5th Annual IEEE Symposium on Logic in Computer Science, June 1990.
  4. Kenneth J. Goldman. Distributed algorithm simulation using Input/Output Automata. Technical Report MIT/LCS/TR-490, MIT Laboratory for Computer Science, July 1990. Ph.D. Thesis.
  5. Nancy A. Lynch and Mark R. Tuttle. An introduction to Input/Output Automata. CWI-Quarterly, 2(3), 1989.
  6. Magda F. Nour. An automata-theoretic model for UNITY. Technical Report MIT/LCS/TM-400, MIT Laboratory for Computer Science, June 1989. Senior Thesis.

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • Kenneth J. Goldman, Department of Computer Science, Washington University, St. Louis, USA
