Supporting Verification-Driven Incremental Distributed Design of Components

Claudio Menghi 1 (B), Paola Spoletini 2, Marsha Chechik 3, and Carlo Ghezzi 4

1 Chalmers | University of Gothenburg, Gothenburg, Sweden, claudio.menghi@gu.se
2 Kennesaw State University, Marietta, USA, pspoleti@kennesaw.edu
3 University of Toronto, Toronto, Canada, chechik@cs.toronto.edu
4 Politecnico di Milano, Milan, Italy, carlo.ghezzi@polimi.it

Abstract. Software systems are usually formed by multiple components which interact with one another. In large systems, components themselves can be complex systems that need to be decomposed into multiple sub-components. Hence, system design must follow a systematic approach, based on a recursive decomposition strategy. This paper proposes a comprehensive verification-driven framework which provides support for designers during development. The framework supports hierarchical decomposition of components into sub-components through formal specification in terms of pre- and post-conditions as well as independent development, reuse and verification of sub-components.

1 Introduction

Software is usually not a monolithic product: it is often comprised of multiple components that interact with each other to provide the desired functionality. Components themselves can be complex, requiring their own decomposition into sub-components. Hence, system design must follow a systematic approach, based on a recursive decomposition strategy that yields a modular structure. A good decomposition and a careful specification should allow components and sub-components to be developed in isolation by different development teams, delegated to third parties [32], or reused off-the-shelf. In this context, guaranteeing correctness of the system under development becomes particularly challenging because of the intrinsic tension between two main requirements.

On the one hand, to handle complexity, we need to enable development of sub-components where only a partial view of the system is available [28]. On the other hand, we must ensure that independently developed and verified (sub-)components can be composed to guarantee global correctness of

© The Author(s) 2018
A. Russo and A. Schürr (Eds.): FASE 2018, LNCS 10802, pp. 169–188, 2018.
https://doi.org/10.1007/978-3-319-89363-1_10