An Operational Semantics of CommUnity Based on Graph Transformation Systems  by Corradini, Andrea & Hirsch, Dan
An Operational Semantics of COMMUNITY
Based on Graph Transformation Systems 1
Andrea Corradini Dan Hirsch
Dipartimento di Informatica, Universita` di Pisa,
Via F. Buonarroti 2, I-56127, Pisa, Italia 2
Abstract
We propose an operational semantics, based on graph transformation, of CommUnity, a simple
program design language. Each action of a single CommUnity design is modeled by a syn-
chronized hyperedge replacement rule. Synchronized actions of several interconnected designs in
a conﬁguration result automatically from the individual rules thanks to the rule synchronization
mechanism.
Keywords: Graph transformation systems, operational semantics, software architectures.
1 Introduction
Architectural approaches to software design view system architectures as struc-
tured in terms of components (where actual computations take place) glued
together by connectors, which prescribe how components interact. CommUnity
[4] is a simple parallel program design language, developed to support analysis
and formalization of architectural semantic primitives. The basic CommUnity
components, called designs, specify the eﬀect of certain actions over suitable
channels. Some channels may be aﬀected by actions (local ones), others may
only be read (input ones) as their value is provided by the environment.
1 Research partially supported by the EU FET – GC Project IST-2001-32747 agile and the EC RTN
2-2001-00346 SegraVis (Syntactic and Semantic Integration of Visual Modelling Techniques).
2 Email: andrea@di.unipi.it , dhirsch@di.unipi.it
Electronic Notes in Theoretical Computer Science 109 (2004) 111–124
1571-0661 © 2004 Elsevier B.V. 
www.elsevier.com/locate/entcs
doi:10.1016/j.entcs.2004.02.060
Open access under CC BY-NC-ND license.
If the eﬀect of actions is fully speciﬁed, as we shall assume along the paper,
and the channels are associated with corresponding values (i.e., the design is
anchored), the ﬁring of an action is possible when its guard holds true, and its
eﬀect is a multiple assignment on the local channels. However, this can only
happen in an environment providing values for the input channels.
In a conﬁguration, designs are interconnected through cables, which deter-
mine design action synchronizations, and channel sharing. Some constraints
are imposed: e.g., two local channels cannot be shared, as they could contain
inconsistent values. Such constraints guarantee the existence of a colimit de-
sign for the conﬁguration, having one action for each possible action synchro-
nization of individual designs. The operational behaviour of a conﬁguration
is described simply as the legal sequences of actions of the colimit design.
We propose here to use graph transformation systems to provide an intu-
itive, inductive and complete account of the operational behaviour of CommU-
nity conﬁgurations. A conﬁguration is represented as a hypergraph, including
one (hyper)edge for each design and auxiliary edges for encoding the anchoring
and the interconnections among designs. Each action of a single CommUnity
design is modeled by a conditional, attributed, synchronized hyperedge re-
placement rule. The synchronization mechanism guarantees that in order to
ﬁre, some of such rules must synchronize resulting in a step that faithfully
corresponds to the ﬁring of a synchronized action of the colimit design.
The proposed semantics does not exploit fully the graphical representation
of conﬁgurations, as rules in this paper only change node attributes. However,
full expressiveness of graph transformation will be used when modeling general
CommUnity reconﬁgurations, which is the goal of ongoing research: this will
be possible because the graphical encoding of a conﬁguration state explicitly
represents the morphisms among designs as suitable interconnections.
2 COMMUNITY designs and conﬁgurations
We brieﬂy introduce here CommUnity designs and conﬁgurations. Deﬁnitions
are less general and simpliﬁed with respect to those in, e.g., [4,9], where the
reader can ﬁnd the original formulation and more detailed explanations.
The syntax of a CommUnity design is shown in Figure 1. Design D has a set
of channels V , partitioned into input (in(V )), output (out(V )), and private
channels (prv(V )). The local channels of D are deﬁned as loc(V ) = out(V )∪
prv(V ). Design D also has a set of actions Γ, partitioned into shared (sh(Γ))
and private actions (prv(Γ)). For each action a ∈ Γ, G(a) is its guard (a
boolean condition over channels, omitted when it is true), D(a) is its domain,
i.e., the set of local channels it can change, and for every local channel l in
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124112
design D
in in(V)
out out(V)
prv prv(V)
do [] a : G(a) → ‖ l := E(a, l)
a ∈ sh(Γ) l ∈ D(a)
[] [] prv a : G(a) → ‖ l := E(a, l)
a ∈ prv(Γ) l ∈ D(a)
Fig. 1. Syntax of a CommUnity design.
D(a), l := E(a,l) is an assignment, where E(a,l) is an expression over channels
(skip denotes the absence of assignments).
An anchored design is a design equipped with an evaluation, associating
each local channel to an element of a ﬁxed data algebra DΣ, where Σ is a
standard algebraic signature. 3 Two sample designs (passenger and plane)
are shown in the left part of Figure 2: they are borrowed (with little modiﬁca-
tions) from an example in [1], where the check-in and boarding of passengers
and the take oﬀ of planes at an airport are modeled using CommUnity.
Component Types
plfl: Flight
s: [0..2],
load_lug: [s=0
takesoff: [s=1
id: PlId
plfl: Flight
s: [0..2],
s:=1]
s:=2]
design passenger is
prv
in
do
seat: SeatId, passfl: Flight
checkin: [passfl=plfl ^ s=0
boards: [s=1 s:=2]
design plane
prv
out
do
is
s:=1]
[]
[]
is
do ac1: [s=0 s:=1]
[] ac2: [s=1 s:=2]
design is
prv
fl
dep
s: [0..2]
in
boards a ac1
plfl fli fl plfli
takesoffac2 a
do a: [true skip]
design cable is
in i
do a: [true skip]
design cable is
in i
Coordination Contract Types
Coord−contract departure(passenger,plane)
passenger plane
Fig. 2. Two CommUnity designs (left) and a conﬁguration (right).
Interactions between designs are established through action synchronization
and memory sharing, which are obtained by introducing degenerated designs
called cables, and explicit morphisms from cables to designs. As cables add no
computations of their own, they have only input channels and shared actions
with true guards and no assignments. A (superposition) morphism σ : C → D
from a cable C to a design D maps each (input) channel v of C to a non-private
(i.e., input or output) channel σV (v) of D, and each (shared) action a of C
to a non-empty set of non-private (i.e., shared) actions σΓ(a) = {a′1, . . . , a′n}
3 Typically, the channels in V are typed and a standard typing discipline is imposed over
their manipulation. In this case Σ is a many-sorted signature, having the relevant types as
sorts. All these details are not elaborated here for the sake of conciseness.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124 113
of D. 4 Intuitively, such morphism identiﬁes the channels v and σV (v) (they
become shared : any value associated to one of them is available at the other),
and synchronizes action a with any of the actions in σΓ(a) (a can ﬁre if and
only if one of the actions in σΓ(a) ﬁres simultaneously).
A conﬁguration is a ﬁnite diagram made of designs, cables and morphisms
from cables to designs, such that every input channel is shared (through an
undirected path of morphisms) with exactly one output channel. This con-
straint guarantees that if the conﬁguration designs are anchored, each channel
is associated with exactly one value. A sample conﬁguration is shown in the
right part of Figure 2, where the designs passenger and plane are connected
via a third design dep and two cables. The morphisms cause the input chan-
nel plfl of passenger to be shared with the output channel plfl of plane.
Furthermore, action board of passenger (synchronized with ac1 of dep) is
forced to ﬁre before action takesoff of plane (synchronized with ac2).
is
spass:=1]do checkin: [passfl=plfl ^ spass=0
spass:=1 || spl:=1]
out
spl, sdep, spass: [0..2], id:PlId
seat: SeatId, passfl: Flight
plfl: Flight
1passenger1plane
checkinLoad_lug: [passfl=plfl ^ spass=0 ^ spl=0
spl:=1]load_lug: [spl=0
spass:=2 || sdep:=1 || spl:=1]boardsAc1Load_lug: [spass=1 ^ sdep=0 ^ spl=0
checkinAc2Takesoff: [passfl=plfl ^ spass=0 ^ sdep=1 ^ spl=1 spass:=1 || sdep:=2 || spl:=2]
spass:=2 || sdep:=1]boardsAc1: [spass=1 ^ sdep=0
ac2Takesoff: [sdep=1 ^ spl=1 sdep:=2 || spl:=2]
design
prv
[]
[]
[]
[]
[]
[]
Fig. 3. The colimit of the conﬁguration of Figure 2
Every (anchored) conﬁguration has a colimit (in the category of (anchored)
designs and superposition morphisms), which is a design having as channels
the disjoint union of channels of the conﬁguration (modulo shared channels),
and as actions the cartesian product of actions (modulo synchronized ones).
The operational behaviour of a conﬁguration is described in terms of its
colimit: at each step, an action of the colimit whose guard evaluates to true
is selected non-deterministically, and the corresponding multiple assignment
is executed. For example, in the colimit of the conﬁguration of Figure 2
(shown in Figure 3), actions checkin of passenger and load lug of plane are
independent (they can ﬁre alone or simultaneously), while boardsAc1 models
synchronous execution of actions boards of passenger and ac1 of dep; actions
boardsAc1Load lug and checkinAc2Takesoff will never be ﬁred from the
anchored conﬁguration of Figure 6, because their guards are always false.
4 σΓ can also be deﬁned as a surjective, partial function from actions of D to those of C.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124114
3 Graph transformation systems
We introduce here the notion of graph transformation that we shall use to
model the evolution of CommUnity conﬁgurations. The formalism we use can
be deﬁned as attributed, conditional, synchronized hyperedge replacement with
value passing Hoare synchronization. Indeed, we borrow various ingredients
presented elsewhere from the literature, composing them in an original way
that is tailored to our speciﬁc needs. We start introducing (parallel) hy-
pergraph rewriting according to the double-pushout approach [2,3]. Next we
enrich the formalism ﬁrst with attributions [7], and then with synchronization
[6] and with application conditions.
3.1 Hypergraph rewriting
Hypergraphs are made of nodes and labeled edges. Each edge may be con-
nected to several nodes speciﬁed by a connection function. Each ‘tentacle’, i.e.,
each connection between an edge and a node, is labeled by a ‘name’ (instead
of a number, as usual in literature). The number of connections of an edge and
the names of such connections are uniquely determined by the edge label: this
information is provided by a ﬁxed edge signature ∆ = 〈CN ,Λ, rnk〉, where CN
is a set of connection names, Λ is a set of edge labels, and rnk : Λ → Pﬁn(CN )
is a function associating to each edge label a ﬁnite set of connection names.
A ∆-(hyper)graph H is a tuple 〈VH, EH , labH , cH〉, where VH is a set of
nodes, EH is a set of (hyper)edges, labH : EH → Λ is the labeling function,
and cH : EH → [CN →◦ VH ] is the connection function, associating with each
edge a partial function from connection names to nodes. It is required that
dom(cH(e)) = rnk(labH(e)) for each e ∈ EH . If cH(e)(x) = v we call v the
x-node of e. Hypergraph morphisms are deﬁned in the expected way.
A rule is a span of injective ∆-graph morphisms q = (L
l←↩ K r↪→ R),
where L, K, R are ﬁnite ∆-graphs, L has no isolated nodes, the left-hand side
morphism l is surjective on nodes (i.e., no node is deleted by the rule), and
graph K is discrete (it contains no edge). A match of such a rule in a ∆-graph
G is a morphism g : L → G which is injective on edges. 5 In this case we write
G ⇒q H , if both squares in the following diagram are pushouts:
L
g

K
l 
 r 

R

G D
 

H
5 This ensures that the gluing conditions of the DPO approach are satisﬁed.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124 115
A ∆-graph transformation system (GTS) R = 〈P, π〉 is made of a set of rule
names P and of a function π which assigns to each p ∈ P a rule π(p) = (Lp ←↩
Kp ↪→ Rp). We write G ⇒R H if G ⇒p H for some p ∈ P . Given a GTS
R = 〈P, π〉, let R⊕ = 〈P⊕, π⊕〉 be the GTS where P⊕ is the (carrier of the)
free commutative monoid generated by P (excluding unit), and π⊕ is the free
extension of π, mapping p⊕p′ to the disjoint union of rules π⊕(p) and π⊕(p′). 6
Then we say that there is a parallel rewriting from G to H in R iﬀ G ⇒R⊕ H .
3.2 Attributed hypergraph rewriting
Let Σ be a standard algebraic one-sorted signature, which is ﬁxed for the
rest of the section. 7 A Σ-attributed ∆-hypergraph (or Σ,∆-graph) is a triple
G = 〈|G|,AG, attG〉, where |G| is a ∆-graph (the underlying ∆-graph of G),
AG is a Σ-algebra, and attG : V|G| →◦ |AG| is an attribution, i.e., a partial
function mapping nodes of |G| to elements of the carrier of the algebra AG.
A Σ,∆-graph morphism f : G → G′ is a pair 〈|f |, fA〉, where |f | : |G| → |G′|
is a ∆-graph morphism, and fA : AG → AG′ is a total Σ-homomorphism such
that fA ◦ attG = attG′ ◦ |f |V .
This deﬁnition of attributed graph is very general, because every graph
is equipped with its own Σ-algebra. We stick here to the case where the
attributed graphs appearing in a rule have associated TΣ(X), the free algebra
over Σ generated by a countable set of variables X, while the graphs which
are rewritten all have as algebra a ﬁxed data algebra DΣ. An attributed rule
is a span of injective Σ,∆-graph morphisms r = (L
l←↩ K r↪→ R), such that:
• the underlying span of ∆-graph morphisms (|L| |l|←↩ |K| |r|↪→ |R|) is a rule;
• the Σ-algebra associated with L, K, R is TΣ(X), and lA, rA are the identities;
• graph L is linear, i.e., all its attributed nodes are labeled either by ground
terms or by variables, and no variable labels more than one node;
• V ar(R) ⊆ V ar(L), where V ar(H) ⊆ X is the set of variables appearing in
the attributions of H .
A match of an attributed rule r = (L ←↩ K ↪→ R) in a Σ,∆-graph G
over DΣ is a Σ,∆-graph morphism g : L → G which is injective on edges.
Such a map determines an evaluation θg : V ar(L) → DΣ deﬁned as θg(x) =
attG(gV (n)) iﬀ attL(n) = x (this is well deﬁned thanks to linearity of L). By
the freeness of TΣ(X), θg extends uniquely to a homomorphism θg : TΣ(X) →
DΣ: by applying it to all attributions appearing in the attributed rule, we get
6 This deﬁnition only works up to isomorphims.
7 All notions easily generalize to the many-sorted case, which is used indeed in the examples.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124116
a corresponding span rθg = (Lθg ←↩ Kθg ↪→ Rθg), where graphs are over DΣ.
In this situation we write G ⇒r H if H = 〈|H|,DΣ, attH〉, there is a
∆-rewriting step |G| ⇒|rθg| |H|, and attH is uniquely determined by lifting
the double-pushout diagram to the category of Σ,∆-graphs, assuming that all
Σ-homomorphism components are identities over DΣ.
The deﬁnition of parallel rewriting is the same as for the unattributed
case, provided that forming a parallel attributed rule the component rules are
renamed apart, in order to avoid variable name clashes.
3.3 Conditional Synchronized Hypergraph Rewriting
We introduce now a powerful synchronization mechanism for attributed rules,
which in the terminology of [6] is called Hoare synchronization with value pass-
ing. Intuitively, a rule may have some nodes of the left-hand side annotated
with events, which are atomic predicates built over a set of event names and
terms over Σ. These events may prevent the application of the rule at a given
match, unless one or more other rules, annotated with corresponding match-
ing events on the same nodes, are applied synchronously. In order to model
faithfully the actions of CommUnity designs, we shall equip rules also with
boolean conditions that will encode the guards.
Let Ev = ∪n∈NEvn be a ﬁxed, ranked set of event names, and EΣ(X) be
the collection of well-formed events over X, containing all terms of the form
e(t1, . . . , tn), with e ∈ Evn and ti ∈ TΣ(X) for all i ∈ {1, . . . , n}. A (con-
ditional) synchronized (attributed) rule is a triple 〈r, synch, cond〉, namely
an attributed rule r = (L ←↩ K ↪→ R) equipped with a partial function
synch : V|L| →◦ EΣ(X), and with a formula cond in a logic suﬃciently ex-
pressive to encode CommUnity guards. Denoting by V ar(synch) the set of
variables appearing in the events in synch(V|L|), the following condition must
hold: V ar(R)∪V ar(cond) ⊆ V ar(L)∪V ar(synch). This condition will guar-
antee that all variables in cond and in the right-hand side of the rule will be
instantiated by any legal match of the left-hand side.
A synchronized (attributed conditional Σ,∆-hyper)graph transformation sys-
tem (SGTS) S = 〈P, π〉 is made of a set of rule names P and of a function π
mapping each p ∈ P to a synchronized rule π(p) = 〈rp, synchp, condp〉. Then,
the parallel SGTS S⊕ = 〈P⊕, π⊕〉 has P⊕, the free commutative monoid gener-
ated by P (excluding unit) as rule names. Moreover, if p = p1⊕ . . .⊕pk ∈ P⊕,
with pi ∈ P and π(pi) = 〈ri, synchi, condi〉 for all i = 1, . . . , k, then the par-
allel synchronized rule π⊕(p) = 〈r, synch, cond〉 is obtained by ﬁrst applying
suitable variable renamings in order to avoid name clashes among rules, and
then taking as r the disjoint union of all ri’s, as synch the obvious partial
function induced by all synchi’s, and as cond the conjunction of all condi’s.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124 117
Let s = 〈r = (L ←↩ K ↪→ R), synch, cond〉 be a (typically parallel) syn-
chronized rule, and let g : L → G be a match to a Σ,∆-graph G. Further-
more, let θg : V ar(L) → DΣ be the evaluation induced by g, and synch(g) def=
g(dom(synch)) ⊆ V|G| be the syncronization nodes of g, i.e., those which are
image of nodes of L annotated with events. Then rule s can be applied to g if
• every edge of G connected to a node in synch(g) is in the image of g;
• ∀n ∈ synch(g), g−1(n) ⊆ dom(synch), i.e., each node mapped by g to a
synchronization node is annotated with an event;
• there exists a ground substitution θ : V ar(synchθg) → DΣ such that for
each node n ∈ synch(g) and for all nodes m,m′ ∈ g−1(n), synch(m)θgθ =
synch(m′)θgθ; furthermore θ must be minimal, in the sense that it must be
a most general uniﬁer of the involved partitioned set of events;
• the formula condθgθ evaluates to true.
Under these conditions, we write G ⇒s H if G ⇒r′ H using the match g,
where r′ is the attributed rule r′ = (L ←↩ K ↪→ Rθ).
4 COMMUNITY conﬁgurations as attributed hypergraphs
We describe now how to represent CommUnity conﬁgurations as hypergraphs.
The synchronized rules presented in the next section, when applied to such a
graph, will simulate the operational behaviour of the colimit of the conﬁgura-
tion. The graph representing a conﬁguration includes one edge for each design,
and auxiliary edges for encoding the anchorings and the morphisms. Figure 4
shows the graphs encoding two anchored designs, while Figure 5 shows the
graphical representation of a simple CommUnity morphism.
plane
sw
sr
takesoff
load_lug
idw
idr
vw
vr
vval
Vloc
ATR500
I
vw
vr
vval
Vloc
LH1832
plflr
plflw
i1 i2
vw
vr
vval
Vloc
0
LH1832
I
sr
sw
seatr
seatw
passflr
passflw
i1 i2
vw
vr
vval
Vloc
0
vw
vr
vval
Vloc
10A
vw
vr
vval
Vloc
passenger
plflr
boards
checkin
Fig. 4. Graphs for two anchored designs.
As it can be grasped from the ﬁgures, the edge signature includes as edge
labels all design names, as well as labels Vloc, I, Vin and Cn for auxiliary
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124118
sa’n
sa’1sa
sa
D D’
v1 v2
sa’nan
sa’1
sa’2
a1
a2
v1r v2r
i1 i1
I I
i2
Vin
sa a0D D’
vs vti2
Cn
Fig. 5. A CommUnity morphism (left) and its graphical encoding (right).
edges. For each design name, the connection names include xr for each input
channel x (this name will label the “read tentacle” connecting the edge to
the channel), lr and lw for each local channel (labeling the corresponding
“read” and “write” tentacles), and the names of all shared actions (labeling the
tentacles used for synchronizing actions; thus private actions have no tentacle).
The local boxes, i.e., the edges labeled with Vloc, are used to handle the
access to local channels. The tentacle labeled by vval points to the attributed
node storing the channel value, while those labeled with vr and vw provide
access for reading and changing the value. Interface boxes, labeled by I are
used to provide read access to non-private (i.e., input or output) channels.
As shown in Figure 5, a morphism σ : D → D′ is represented using input
boxes (labeled by Vin) and OR boxes (labeled by Cn). Input boxes connect the
interface boxes of the channels identiﬁed by the morphism, while OR boxes
connect the tentacle of the source design labeled by an action sa to the non-
empty set of tentacles labeled by the actions in σΓ(sa). Figure 6 shows a
complete anchored conﬁguration, and its graphical representation.
5 Evolution of conﬁgurations via synchronized rules
The behaviour of a conﬁguration is speciﬁed by a set of synchronized hyper-
edge replacement rules, i.e., rules where the left-hand side contains a single
hyperedge. Every design action is modeled by a rule, and additional rules are
provided for the auxiliary edges. Almost all rules (but those for Vloc edges
which change the value) have the same graph as left- and right-hand sides,
thus all the computation is performed through the synchronization mecha-
nism. Three event names are used: go for synchronizing actions, and get and
set for reading and changing the channel values.
Figures 7 and 8 show the rules for all the actions of the designs of the
running example. In general, the rule encoding action a : G(a) → ‖l∈D(a) l :=
E(a, l) will have G(a) as condition, an event go annotating the a-node if the
action is not private, an event get(x) annotating the xr-node if the value of
channel x is used in the guard or in an assignment, and an event set(E(a,l))
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124 119
c
a
bl
e
bo
ar
ds
a
a
c
1
p
lf
l
fl
i
fl
p
lf
l
i
t
a
ke
so
ff
a
c
2
a
0
de
p
s
p
a
s
s
fl
L
H
18
32
10
A
0
s s
e
a
t
p
a
s
s
e
n
ge
r
p
lf
l
L
H
18
32
A
T
R
50
0
0
s idp
la
ne
c
a
bl
e
vw
I
vr
vw
vr
vw
vr
vw
vval
vval
vval
sr
sw
seatr
seatw
passflr
passflw
I i
2i1
a
1
v
t
I i
1i2
V
lo
c vval
0
A
TR
50
0V
lo
cvr
vwidw
sr vr
vval
de
p
a
c
1
a
c
2
flr
sr
sw
0
V
lo
c
vr
vw
a
I
i2i1
ir
v
t
a
1
vval
I
vval
i2
i1
p
a
s
s
e
n
ge
r
c
he
ck
in
p
lf
lr
bo
ar
ds
LH
18
32
10
A
V
lo
c
V
lo
c
V
lo
c
0
v
t
a
1
V
in C1
v
s
a
0ir
a
c
a
bl
e
v
s
a
0
a
1
v
t
v
s
a
0
c
a
bl
e
V
in C1
a
0
v
s
V
lo
c vw
vr
LH
18
32 ta
ke
so
ff
i1
i2
p
lf
lw
p
lf
lr
lo
ad
_l
ug
sw
idr
p
la
ne
C
1
V
in C1
V
in
Fig. 6. An anchored conﬁguration (left) and its graphical representation (right).
annotating the lw-node, for each channel l ∈ D(a).
Figure 9 shows the rules for auxiliary edges. The rules for OR boxes force
simultaneous execution of the action connected to the a0-node with exactly
one of the actions connected to the other nodes. The rules for local boxes
allow to read and/or to modify (using events get and set) a channel value,
represented by the attributed vval-node. The rules for input and interface
boxes forward a channel value to make it available at a shared input channel.
Figure 10 shows the application of a parallel synchronized rule to the con-
ﬁguration of Figure 6. The left part shows the start graph where synchroniza-
tion nodes (drawn as gray hexagons) are annotated with the resulting event
(edges taking part to the rewriting are marked as double boxes). The applied
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124120
sr
plflr
plflw
idw
idr
plane
plflr
plflw
idw
idr
plane
plflr
plflw
idw
idr
plane
plflr
plflw
idw
idr
plane
takesoff
load_lug
sw
srget(s)
set(2) gotakesoff
load_lug
sw
sr
s=1
Prod_takesoff
set(1)
get(s) go
takesoff
load_lug
takesoff
load_lug
sw
sr
s=0
Prod_load_lug
sw
Prod_checkin
sr
sw
seatr
seatw
passflr
passflw
plflr
boards
checkin
sr
sw
seatr
seatw
passflr
passflw
plflr
boards
checkinsr
sw
seatr
seatw
passflr
passflw
get(s)
set(2) go
passengerpassenger
plflr
boards
checkin
s=1
Prod_boards
get(plfl)
goget(s)
set(1)
get(passfl)
passfl=plfl ^ s=0
passenger
sr
sw
seatr
seatw
passflr
passflw
plflr
boards
checkin
passenger
Fig. 7. Rules for actions of passenger and plane.
cable
ac2
flr
ac2
flr
ac1
sw
sr
dep
ac1
sw
sr
dep
set(1)
get(s) goac1
sw
sr
dep
s=0
Prod_ac1
set(2)
get(s) ac1
sw
sr
s=1
dep go
Prod_ac2
ac2
flr
flr
ac2 Prod_a
a
ir
true
go
cable
a
ir
Fig. 8. Rules for designs dep and cable.
rules are those for actions boards and ac1, and four for auxiliary edges.
Even if we did not elaborate a formal proof, a careful inspection of the
constructions we presented makes us conﬁdent that the following result holds.
Claim 5.1 (Correctness and completeness of the encoding) For an an-
chored CommUnity conﬁguration C, let G(C) be its graphical representation as
for Section 4, and let R be the Synchronized GTS including all rules for the
designs in C and all rules for auxiliary edges. Then G(C) ⇒R⊕ H using a par-
allel rule which contains the rules encoding the actions {a1, . . . , ak} for k > 0,
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124 121
an
a1
a2a0
go
a1
a2
go
go
go
go
go
a0
an
an
a1
a2a0
an
a1
a2a0
an
a1
a2a0
an
a1
a2a0 Cn
Cn
CnCn
Cn
Cn
x
vval
vr
vwVloc
vr
Vloc
vval
vr
vw
w
xx set(w)
The value of a variable is set to a new value w 
Vloc vw
vval
vrw
x
get(x)
The value x of a variable is read
Vloc vw
vval
vr
Vloc
vval
vr
vw
x
x
get(x)
set(w)
The value x is read and in parallel is set to a new value w
Vloc vw
vval
get(x)Vin vtvs Vin vtvsget(x)
I
get(x)i1 i2I i1 i2I
get(x) get(x)i1 i2I i1 i2
Fig. 9. Rules for auxiliary boxes.
if and only if in the colimit design of C the synchronized action 〈a1, . . . , ak〉
is enabled to ﬁre. Furthermore, if D is the anchored design resulting after the
ﬁring of the synchronized action, then D is a colimit of an anchored conﬁgu-
ration C ′ such that G(C ′) is isomorphic to H.
6 Conclusion and Future Work
We proposed a quite direct and intuitive graphical representation of Com-
mUnity conﬁgurations, and their operational semantics using synchronized
hyperedge rewriting. One advantage of the proposed encoding is that super-
position morphisms are explicitly represented using auxiliary edges. Some
preliminary investigations suggest that this makes possible to model general
reconﬁgurations as attributed graph transformation rules, possibly with Neg-
ative Application Conditions [5]. We intend to develop this further, and to
study the relationships with [9], where reconﬁguration is speciﬁed as condi-
tional double-pushout rules over conﬁguration diagrams.
Acknowledgement
We thank Jose´ Fiadeiro, Antonia Lopes and Michel Wermelinger for their
feedback about CommUnity.
References
[1] AGILE Project IST-2001-32747. The airport case study. Deliverable 4.1, 2003.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124122
Fig. 10. Rewriting Step for Colimit action boardsAc1
[2] A. Corradini, U. Montanari, F. Rossi, H. Ehrig, R. Heckel, and M. Lo¨we. Algebraic Approaches
to Graph Transformation I: Basic Concepts and Double Pushout Approach. In [8], chapter 3.
World Scientiﬁc, 1997.
[3] F. Drewes, H.-J. Kreowski, and A. Habel. Hyperedge replacement graph grammars. In [8],
chapter 2. World Scientiﬁc, 1997.
[4] J. Fiadeiro and T. Maibaum. Categorical semantics of parallel program design. Science of
Computer Programming, 28:111–138, 1997.
[5] A. Habel, R. Heckel, and G. Taentzer. Graph grammars with negative application conditions.
Fundamenta Informaticae, 26(3–4):287–313, 1996.
[6] D. Hirsch. Graph Transformation Models for Software Architecture Styles. PhD thesis, Dept.
of Computer Science, Universidad de Buenos Aires, May 2003.
[7] M. Lo¨we, M. Korﬀ, and A. Wagner. An algebraic framework for the transformation of
attributed graphs. In Ronan Sleep, Rinus Plasmeijer, and Marko van Eekelen, editors, Term
Graph Rewriting: Theory and Practice, pages 185–199. John Wiley, New York, 1993.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124 123
[8] G. Rozenberg, editor. Handbook of Graph Grammars and Computing by Graph
Transformation: Foundations, volume 1. World Scientiﬁc, 1997.
[9] M. Wermelinger and J. Fiadeiro. A graph transformation approach to software architecture
reconﬁguration. Science of Computer Programming, 44:133–155, 2002.
A. Corradini, D. Hirsch / Electronic Notes in Theoretical Computer Science 109 (2004) 111–124124
