Formalising System Structure

Matthias Radestock and Susan Eisenbach
Department of Computing, Imperial College of Science, Technology and Medicine
180 Queen's Gate, London SW7 2BZ, United Kingdom
E-mail: {M.Radestock,S.Eisenbach}@ic.ac.uk

Abstract

Darwin is a language designed for configuring distributed systems. A system is modelled as a decompositional hierarchy of components with interfaces. Connections are represented as bindings between interfaces. Darwin programs define component types. Configurations of a system are obtained by instantiating these types. Configurations have to comply with a number of constraints on the system structure. It is therefore intuitive to express these constraints in the domain of configurations rather than at the language level. To succeed in this endeavour we need to express precisely the relation between Darwin programs and configurations. We do this in terms of a first-order logic theory of Darwin programs and configurations. Models of the theory provide a straightforward mapping from Darwin programs to configurations and vice versa. Most of the constraints on configurations, as well as structural transformations, can be specified by adding just a few axioms to the theory. The theory also enables us to generate Darwin programs from configurations, thus allowing existing systems to be included in new programs.

1 Introduction

It has been observed in the Software Engineering community that systems which are constructed from a large number of components have organisational difficulties [7, 14, 6]. There is a real need for clear design specifications of component-based systems at this level: the level of the design which deals with the high-level organisation of computational elements and the interactions between those elements. We are concerned with the demonstration of soundness of the tools for the design and construction of distributed systems.
We use structural configuration languages [12, 9, 11] as a means of specifying and managing system structure. Systems are constructed from components. The overall architecture of a system is described as a hierarchical composition of primitive components which at execution time may be located on distributed computers. There are a variety of different configuration languages designed for a similar purpose, such as Polylith [15], Durra [2] and LEAP [8].

This paper discusses the Darwin notation for specifying this high-level organisation. Darwin is a declarative binding language which can be used to define hierarchic compositions of interconnected components. The language supports the specification of both static structures and dynamic structures which may evolve during execution. The central abstractions managed by Darwin are component types and interfaces. The structure of a system is obtained by hierarchically instantiating component types at run-time. Interfaces are the means by which components interact.

It is important to specify any programming language formally; without a formal specification a language is defined by its compiler, and even with the best intentions several compilers for a language will lead to several variants. The aim of this paper is to help formalise the definition of the Darwin programming language.

The paper introduces the Darwin programming language and its representation in first-order logic. The definitions and axioms of the logic representation form a theory. From this theory we derive notions of validity for both programs and configurations, as well as an important property of Darwin programs: a running configuration can be extended without requiring reconfiguration. The theory is extended to cover current constraints in Darwin such as the prevention of multicasting, unbound interfaces, circular binding and unbounded decomposition.
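As an added illustration, not code from the paper, the following Python models a configuration in the sense used above: component instances with provided and required interfaces, plus bindings from required to provided interfaces, with checks for three of the constraints just listed. The component and interface names are constructed for the example, and the rules are assumptions made here rather than Darwin's own definitions: a required interface must be bound exactly once (so zero bindings is "unbound" and more than one is "multicast"), and a cycle in the require-to-provide graph between instances is treated as circular binding. Unbounded decomposition, which concerns the hierarchy of component types rather than a flat configuration, is left out.

```python
"""Toy model of Darwin-style configurations with structural checks.

Added illustration for this page, not code from the paper.  Assumed
(simplified) semantics: a configuration is a set of component instances
with named interfaces, each either provided or required; a binding
connects one required interface to one provided interface.  The three
checks mirror constraints listed in the introduction: unbound
interfaces, multicasting (a required interface bound to several
providers) and circular binding (here: a cycle in the require-to-provide
graph between instances).
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Iface:
    component: str   # name of the instance that owns the interface
    name: str        # interface name within that instance


@dataclass
class Configuration:
    provided: set = field(default_factory=set)    # set of Iface
    required: set = field(default_factory=set)    # set of Iface
    bindings: list = field(default_factory=list)  # (required Iface, provided Iface)

    def instantiate(self, name, provides=(), requires=()):
        """Add an instance of a component type with its interfaces."""
        for p in provides:
            self.provided.add(Iface(name, p))
        for r in requires:
            self.required.add(Iface(name, r))

    def bind(self, req, prov):
        """Bind a required interface to a provided one; both must exist."""
        if req not in self.required:
            raise ValueError(f"{req} is not a required interface")
        if prov not in self.provided:
            raise ValueError(f"{prov} is not a provided interface")
        self.bindings.append((req, prov))


def unbound_interfaces(cfg):
    """Required interfaces that no binding connects."""
    bound = {req for req, _ in cfg.bindings}
    return cfg.required - bound


def multicast_bindings(cfg):
    """Required interfaces bound to more than one provider."""
    count = defaultdict(int)
    for req, _ in cfg.bindings:
        count[req] += 1
    return {req for req, n in count.items() if n > 1}


def has_binding_cycle(cfg):
    """Depth-first search for a cycle in the instance-level dependency graph."""
    graph = defaultdict(set)
    for req, prov in cfg.bindings:
        graph[req.component].add(prov.component)
    WHITE, GREY, BLACK = 0, 1, 2
    colour = defaultdict(int)  # every node starts WHITE

    def visit(node):
        colour[node] = GREY
        for nxt in graph.get(node, ()):
            if colour[nxt] == GREY:       # back edge: nxt is on the current path
                return True
            if colour[nxt] == WHITE and visit(nxt):
                return True
        colour[node] = BLACK
        return False

    return any(colour[n] == WHITE and visit(n) for n in list(graph))


def validate(cfg):
    """Return the list of constraint violations; an empty list means valid."""
    problems = []
    for iface in sorted(unbound_interfaces(cfg), key=str):
        problems.append(f"unbound: {iface.component}.{iface.name}")
    for iface in sorted(multicast_bindings(cfg), key=str):
        problems.append(f"multicast: {iface.component}.{iface.name}")
    if has_binding_cycle(cfg):
        problems.append("circular binding")
    return problems


def example_configs():
    """Two constructed configurations: one valid, one violating every check."""
    good = Configuration()
    good.instantiate("client", requires=["svc"])
    good.instantiate("server", provides=["svc"])
    good.bind(Iface("client", "svc"), Iface("server", "svc"))

    bad = Configuration()
    bad.instantiate("a", provides=["p"], requires=["r", "dangling"])
    bad.instantiate("b", provides=["p"], requires=["r"])
    bad.bind(Iface("a", "r"), Iface("b", "p"))
    bad.bind(Iface("a", "r"), Iface("a", "p"))   # second binding of a.r: multicast
    bad.bind(Iface("b", "r"), Iface("a", "p"))   # a -> b -> a: circular binding
    return good, bad


if __name__ == "__main__":
    for label, cfg in zip(("good", "bad"), example_configs()):
        print(label, validate(cfg) or "valid")
```

Each check is a direct reading of one constraint over the binding relation, which is the point the paper makes about stating constraints in the domain of configurations: the checks look only at instances and bindings, never at the program text that produced them.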
We look at the distinction between composite and primitive components and the flattening process which removes much of the structure of Darwin programs in the corresponding configurations. We conclude with a discussion of how this work relates to previous work on a π-calculus model [16, 10, 4, 13]. There has been some related work on a formal model for module interconnection languages presented in [18] by Rice and Seidman, but the focus of our paper

1063-6765/96 $5.00 © 1996 IEEE. Proceedings of IWSSD-8 (8th International Workshop on Software Specification and Design, IWSSD '96)