A relational trace logic for simple hierarchical actor-based component systems

Abstract

We present a logic for proving functional properties of concurrent component-based systems. A component is either a single actor or a group of dynamically created actors. The component hierarchy is based on the actor creation tree. The actors work concurrently and communicate asynchronously. Each actor is an instance of an actor class. An actor class determines the behavior of its instances. We assume that specifications of the behavior of the actor classes are available. The logic allows deriving properties of larger components from specifications of smaller components hierarchically. The behavior of components is expressed in terms of traces where a trace is a sequence of events. A component specification relates traces of input events to traces of output events. Generalizing Hoare-like logics from states to traces and from statements to components, we write {p} C {q} to mean that if an input trace satisfies p, component C produces output traces satisfying q; that is, p and q are assertions over traces. Such specifications are partial in that they only specify the reaction of C to input traces satisfying p. This paper develops the trace semantics and specification technique for actor-based component systems, presents important proof rules, proves soundness of the rules, and illustrates the interplay between the trace semantics, the specification technique and the proof rules by an example derived from an industrial Erlang case study.