Contracts for System Design

Systems design has become a key challenge and differentiating factor over the last decades for system companies. Aircrafts, trains, cars, plants, distributed telecommunication military or health care systems, and more, involve systems design as a critical step. Complexity has caused system design times and costs to go severely over budget so as to threaten the health of entire industrial sectors. Heuristic methods and standard practices do not seem to scale with complexity so that novel design methods and tools based on a strong theoretical foundation are sorely needed. Model-based design as well as other methodologies such as layered and compositional design have been used recently but a unified intellectual framework with a complete design flow supported by formal tools is still lacking albeit some attempts at this framework such as Platform-based Design have been successfully deployed. Recently an "orthogonal" approach has been proposed that can be applied to all methodologies proposed thus far to provide a rigorous scaffolding for verification, analysis and abstraction/refinement: contractbased design. Several results have been obtained in this domain but a unified treatment of the topic that can help in putting contract-based design in perspective is still missing. This paper intends to provide such treatment where contracts are precisely defined and characterized so that they can be used in design methodologies such as the ones mentioned above with no ambiguity. In addition, the paper provides an important link between interfaces and contracts to show similarities and correspondences. Examples of the use of contracts in design are provided as well as in depth analysis of existing literature.Cet article fait le point sur le concept de contrat pour la conception de systèmes. Les contrats que nous proposons portent, non seulement sur des propriétés de typage de leurs interfaces, mais incluent une description abstraite de comportements. Nous proposons une méta-théorie, ou, si l'on veut, une théorie générique des contrats, qui permet le développement séparé de sous-systèmes. Nous montrons que cette méta-théorie se spécialise en l'une ou l'autre des théories connues

Efficient Contracts for Carbon Credits from Reforestation Projects

This paper tackles the complex issue of how buyers and sellers within a domestic carbon credit system designed to include regenerating indigenous forest would optimally design contracts for trades of the new good, "carbon sink credits". The paper begins by briefly defining the constraints that sink projects must meet. This implicitly shows the freedom we have in designing contracts. In the context of a simple numerical example I discuss the constraints that the market puts on contracts. In particular I consider the interests of the buyers and sellers, and how they can maximise and share gains through contract design. I outline the sources of risk and discuss who has advantages in dealing with these risks. The best contract designs impose the risk on those most able to address or absorb it. I illustrate the potential gains from sink contracts with a range of conditions and contracts.

Layering Assume-Guarantee Contracts for Hierarchical System Design

Specifications for complex engineering systems are typically decomposed into specifications for individual subsystems in a manner that ensures they are implementable and simpler to develop further. We describe a method to algorithmically construct component specifications that implement a given specification when assembled. By eliminating variables that are irrelevant to realizability of each component, we simplify the specifications and reduce the amount of information necessary for operation. We parametrize the information flow between components by introducing parameters that select whether each variable is visible to a component. The decomposition algorithm identifies which variables can be hidden while preserving realizability and ensuring correct composition, and these are eliminated from component specifications by quantification and conversion of binary decision diagrams to formulas. The resulting specifications describe component viewpoints with full information with respect to the remaining variables, which is essential for tractable algorithmic synthesis of implementations. The specifications are written in TLA + , with liveness properties restricted to an implication of conjoined recurrence properties, known as GR(1). We define an operator for forming open systems from closed systems, based on a variant of the “while-plus” operator. This operator simplifies the writing of specifications that are realizable without being vacuous. To convert the generated specifications from binary decision diagrams to readable formulas over integer variables, we symbolically solve a minimal covering problem. We show with examples how the method can be applied to obtain contracts that formalize the hierarchical structure of system design

EFFICIENT CONTRACTS FOR CARBON CREDITS FROM REFORESTATION PROJECTS

This paper tackles the complex issue of how buyers and sellers within a domestic carbon credit system designed to include regenerating indigenous forest would optimally design contracts for trades of the new good, “carbon sink credits”. The paper begins by briefly defining the constraints that sink projects must meet. This implicitly shows the freedom we have in designing contracts. In the context of a simple numerical example I discuss the constraints that the market puts on contracts. In particular I consider the interests of the buyers and sellers, and how they can maximise and share gains through contract design. I outline the sources of risk and discuss who has advantages in dealing with these risks. The best contract designs impose the risk on those most able to address or absorb it. I illustrate the potential gains from sink contracts with a range of conditions and contracts.climate, contracts, carbon credits, reforestation, projects

Testing software based on design by contract

In the last decade, several proposals have been done for construction of aspectoriented system for testing software products. The article presents results from design and development of a new aspect-oriented system for testing software created in Java 5 as an open source project named CodeContract, by using Design by Contract methodology. The system provides means of describing contracts and conditions during the design of software systems that should be satisfied during the system work process. Various conditions used in the contracts are able to be defined by means of preconditions, post-conditions and invariants. In order to describe these conditions in contracts, Java annotations are used. When using the Code- Contract system, contracts should be created during the development of software application. Then runtime checks of contracts are executed during the testing of the software applicatio

Composition of behavioural assume-guarantee contracts

The growing complexity of modern engineering systems necessitates a method for design and analysis that is inherently modular. Methods based on using contracts for system design have successfully tackled this issue for a variety of system classes, but mostly in the context of discrete software systems. Motivated by this, we present assume-guarantee contracts for continuous linear dynamical systems with inputs and outputs. Such contracts serve as system specifications through two aspects. The assumptions specify the dynamic behaviour of the environment of the system, which provides inputs for it, while the guarantees specify the desired dynamic behaviour of the output of the system when interconnected with a relevant environment. This is formalized by utilizing the behavioural approach to system theory. We define and characterize notions of contract implementation and contract refinement, where the latter is used to compare contracts. We also define and characterize two notions of contract composition that allow one to reason about two types of system interconnections: series and feedback. The properties of refinement and composition allow contracts to be used for modular design and analysis.</p

Optimal congestion treatment for bilateral electricity trading

How to treat transmission constraints in electricity markets that are not based on a pool but on bilateral trading? Three approaches are currently discussed: First, the system operator resolves constraints and socialises costs; second, physical transmission contracts; third, locational charging with the option of financial hedging. Socialisation of costs for constraint resolution results in inefficient dispatch and incorrect incentives for investment in generation. Physical contracts and locational charging designs have identical properties in a very simplified model world, but differ if transaction costs, illiquid markets and uncertainty about demand are considered. Physical transmission contracts are best designed as zonal access rights, but have to be centrally administered to be efficient. Only locational charging can cope with uncertainty and volatility of electricity demand efficiently and non-discriminatory. Qualitative arguments allow ranking of designs involving physical contracts and locational charging. Comparison with a system operator socialising costs requires network specific analysis.Electricity Networks, Constraint Management, Market Design, Bilateral Trading

Semantic Component Composition

Building complex software systems necessitates the use of component-based architectures. In theory, of the set of components needed for a design, only some small portion of them are "custom"; the rest are reused or refactored existing pieces of software. Unfortunately, this is an idealized situation. Just because two components should work together does not mean that they will work together. The "glue" that holds components together is not just technology. The contracts that bind complex systems together implicitly define more than their explicit type. These "conceptual contracts" describe essential aspects of extra-system semantics: e.g., object models, type systems, data representation, interface action semantics, legal and contractual obligations, and more. Designers and developers spend inordinate amounts of time technologically duct-taping systems to fulfill these conceptual contracts because system-wide semantics have not been rigorously characterized or codified. This paper describes a formal characterization of the problem and discusses an initial implementation of the resulting theoretical system.Comment: 9 pages, submitted to GCSE/SAIG '0

Interacting Components

SystemCSP is a graphical modeling language based on both CSP and concepts of component-based software development. The component framework of SystemCSP enables specification of both interaction scenarios and relative execution ordering among components. Specification and implementation of interaction among participating components is formalized via the notion of interaction contract. The used approach enables incremental design of execution diagrams by adding restrictions in different interaction diagrams throughout the process of system design. In this way all different diagrams are related into a single formally verifiable system. The concept of reusable formally verifiable interaction contracts is illustrated by designing set of design patterns for typical fault tolerance interaction scenarios