Revisiting Glue Expressiveness in Component-Based Systems

. We take a fresh look at the expressivity of BIP, a recent in-(cid:29)uential formal component model developed by J. Sifakis et al. We introduce a process calculus, called CAB, that models composite components as the combination of a glue (using BIP terminology) and subcomponents, and that constitutes a conservative extension of BIP with more dynamic forms of glues. We study the Turing completeness of CAB variants that di(cid:27)er only in their language for glues. We show that limiting the glue language to BIP glues su(cid:30)ces to obtain Turing-completeness, whereas removing priorities from the control language loses Turing-completeness. We also show that adding a simple form of dynamic component creation in the control language without priorities is enough to regain Turing completeness. These results complement those obtained on BIP, highlighting in particular the key role of priorities for expressivity.


Introduction
Component-based software engineering is by now well entrenched in various areas, from embedded systems to Web applications, and is supported by numerous standards, including UML.Its central tenet is that complex systems can be built by composing, or gluing together possibly independently developed components.
In their paper on glue expressiveness [3] Bliudze and Sifakis have proposed to look at the expressive power of glues or composition operators in an eort to assess the relative merits of dierent component frameworks with respect to their composition capabilities.In essence, the criterion they use to compare two sets G 1 and G 2 of composition operators is whether it is possible, given a family of primitive components B and an equivalence relation ∼ between these components, to nd, for a given operator g 1 ∈ G 1 , a corresponding operator g 2 ∈ G 2 such that all their compositions are equivalent, i.e. ∀B 1 , . . ., B n ∈ B : g 1 (B 1 , . . ., B n ) ∼ g 2 (B 1 , . . ., B n ).As a notable result, they showed that their BIP component framework, whose glues feature multiparty synchronization and priorities, is universal with respect to a family of operators dened by inference rules in a subset of the GSOS format.
This work, however, leaves open a number of questions, in particular regarding the form glues can take, and their intrinsic expressivity.Indeed, the notion of Research partially funded by ANR Project PiCoq, Fondation de Coopération Scientique Digiteo Triangle de la Physique, and Minalogic Project Mind.
glue in [3] is essentially a static one.One may legitimately argue in favor of more dynamic forms of composition, e.g. to allow the creation of new components or the replacement of existing ones to accommodate dierent forms of software update.Even without considering full dynamic reconguration, one may take into account changes in conguration or interconnection between components, e.g. to accommodate dierent modes of operation, where the notion of mode is loosely understood as a collection of execution states [9].It thus appears benecial to consider not just static glues but glue processes in their own right.
In the paper, we adopt this view: we model component assemblages as terms in a process calculus, called CAB (for Components And Behaviors).A component assemblage (or composite component) in CAB takes the form l[C 1 ; . . .; where l is the name of the composite, C 1 , . . ., C n are the subcomponents of the composite, i.e. the components that are glued together (using BIP terminology) in the assemblage, and B is the glue a term in a simple process calculus which we call the glue language.By construction, we recover BIP glues as essentially single state processes of our glue language.
With this view of glues as terms of a glue language, new expressivity questions arise, such as: 1. What is the expressivity of the resulting process calculus (in particular, if we restrict the glue language to terms corresponding to BIP glues only)?
2. What is the expressivity of the calculus if we remove the possibility of specifying priority constraints in the glue language ?
3. What is the expressivity of the calculus if we add more dynamic forms of control, such as component creation, in the glue language ?
In this paper we (begin to) answer these questions using classical Turingcompleteness as our benchmark for expressivity.Following BIP, the CAB calculus is parametric over a family P of primitive components.So if we considered a large enough family, these questions would be trivial.Instead, we restrict our primitive components to be given by terms from the glue language itself which form a strict non-Turing-complete subset of CCS so as to characterize the intrinsic expressivity of the glue language.The questions then become non-trivial, and we obtain answers that may even appear surprising.Indeed, we rst show that even with the restricted glue language consisting of static BIP glues only, the resulting variant of CAB is Turing-complete.Second, we show that this expressivity is lost if one restricts oneself to a subset of the glue language without priority constraints.These results conrms the expressive power of priorities, which was pointed out but not necessarily as clearly apparent in earlier works on BIP and process calculi with priorities.Finally, as a rst answer to the last question, we show that we recover Turing-completeness if we add a very simple form of component creation in our glue language without priorities.
To summarize, our contributions are the following: We introduce a new process calculus, CAB, that extends the BIP framework with dynamic composition (or glue) capabilities.
We demonstrate the expressiveness of priorities in the BIP framework by showing that BIP glues, composing simple CCS processes, is enough to obtain a Turing-complete language, and that Turing completeness is lost if we remove priorities.
We show that Turing-completeness can be retained if we introduce more dynamic aspects in the language, namely a simple form of component creation.
The paper is organized as follows.Section 2 introduces the CAB process calculus and denes its operational semantics in SOS style.Section 3 proves our rst result: CAB, restricted to a control language consisting of BIP glues, is Turing-complete.Section 4 proves our two other results: dropping priorities from CAB results in a non Turing-complete language; adding component creation to the control language without priorities is enough to regain Turing-completeness.
Section 5 concludes the paper and discusses some related works.

CAB: syntax and semantics
We introduce in this section the CAB process calculus.In order to explain its constructs, as well as to make its relationship with the BIP framework clear, we begin by recalling the denition of the latter.
The BIP framework.We rely on the description of the BIP framework provided by [2,3].A BIP component is simply a labeled transition system (LTS), whose labels are ports 1 .
Denition 1.A component is an LTS B = (Q, P, →) where 1. Q is a set of states 2. P is a set of ports 3. →⊆ Q × P × Q is a set of transitions.We use q a − → q to denote (q, a, q ) ∈→.
Components can be composed (glued) to form systems.A composition is given by a set of rules (the glue) that enforce synchronization and priority constraints among them.
Denition 2. A BIP system S that glues together n components B i = (Q i , P i , → i ) where ports and states are pairwise disjoint, is an LTS S = (Q, P, → S ) where Q = n i=1 Q i , P = n i=1 P i and where → S is a relation derivable as the least relation satisfying a nite set of rules 2 obeying the following format: 1 This is a dierence with the denition in [3], where labels are dened to be sets of ports.We have adopted labels as simple ports in this paper to simplify the presentation.Our results are not impacted by this decision, however, for our processes only have a xed nite number of distinct ports, so that we can always bijectively map a set of ports onto a single port. 2 The niteness of the set of rules dening a glue seems implicit in [3].
where I and J are sets of indexes in [1, n], B i = B i if I ∈ I, and I = ∅ (i.e.there is at least one positive premise).
Note that by denition there is at most one positive premise for each B i in a rule in BIP format.The key features of the BIP framework are: (i) the ability to build hierarchical components; (ii) the concept of an explicit entity (the glue) responsible for the composition of components; (iii) the support of multipoint synchronizations, manifested by the positive premises in glue rules; (iv) The presence of priority constraints, given by the negative premises in glue rules.
The CAB calculus.As indicated in the introduction, we retain for CAB the general structure of composite components suggested by the BIP framework: a component in CAB takes the form l[C 1 ; . . .; C n £ B], where l is the name of the component, C 1 , . . ., C n are its subcomponents and B is the glue.In contrast to glues in BIP, a glue in CAB can evolve over time, corresponding to changes in the synchronization and priority constraints among components, and is given by a term of a process calculus we call the glue language.We adopt in this paper a very simple glue language featuring: Action prex α.B, where α is an action, and B a continuation glue.The presence of action prex in our glue language allows the denition of dynamic glues.
Parallel composition B 1 B 2 , where B 1 and B 2 are two glues.The parallel composition of glues can be interpreted as an and operator combining the synchronization and priority constraints embodied by B 1 and B 2 .It is important to note that the two branches B 1 and B 2 in a parallel composition B 1 B 2 do not interact.Recursion recX.B, where X is a process variable, and B a glue.This allows the denition of glues with cyclic behaviors.
Formally, let N P = {a, b, c . . .} and N C = {h, k, l . . .} be denumerable sets of ports names and components names respectively.The CAB calculus is parametric over a set P of primitive components dened as labeled transition systems with labels in N P .We dene CAB(P ) processes as follows: Denition 3 (CAB).The set of CAB(P) processes is described by the following grammar, where P denotes an element of P: In order to simplify notation we write l : a instead of l : {a}, and a instead of l : a when it is clear from the context which component is providing event a.We abbreviate α.0 to α.We dene S.nm = l if S = l[P ] or S = l[C £ B] for some P, C, B (i.e. the function nm returns the name of an individual component S).
Actions in our glue language dier from those in classical process calculi, such as CCS, for they play dierent roles: they embody synchronization and priority

Rec
where Fig. 1: A labeled transition system semantics for CAB(P ).
constraints that apply to subcomponents in a composition, and they provide a form of label renaming.An action is a triplet of the form pr, tag, syn , where pr is a priority constraint (i.e.events in subcomponents which would preempt the synchronization syn), syn is a synchronization constraint (i.e.events to be synchronized between subcomponents), and tag is an event made visible by the composite as a result of a successful syn synchronization.Hence a glue B of the form {l : a}, t, {l 1 : c 1 , l 2 : c 2 } .B species a synchronization constraint between two subcomponents l 1 and l 2 : if the rst one is ready to perform event c 1 , and the other is ready to perform event c 2 , then the composition is ready to perform event t, provided that subcomponent l is not ready to perform event a.When the event t of the composite is performed (implying the two subcomponents l 1 and l 2 have performed events c 1 and c 2 , respectively), a new glue B is then put in place to control the behavior of the composite.Note that tag t can be either τ (which denotes an internal event) or a port (an event).Hence a tag t = τ results in a synchronization between subcomponents that takes place silently, with no implication from the environment of the composite.A tag t = τ subjects the evolution of the composite to the availability of an appropriate synchronization on t in the environment of the composite.
The operational semantics of CAB(P ) is dened as the least labeled transition relation derivable by the inference rules in Figure 1.Rules for parallel composition and recursion are dened as usual.Rules Beh and Tau dene the evolution of an aggregation of components inside a composite named l.Rule Beh stipulates that if a glue B is ready to perform an action pr, tag, {l 1 : a 1 , . . ., l n : a n } and components named l 1 , . . ., l n are ready to perform a 1 , . . ., a n respectively, then their composition is ready to perform action tag, provided priority constraint pr is satised.Having a priority constraint satised is dened as follows.
If pr = ∅ we are not imposing any priority policy on the synchronization.Similarly, with an action of the form pr, tag, ∅ there is no synchronization requirement, but the environment of the composite must be ready to perform tag in order for the system to evolve.
Encoding BIP.The operational semantics, and in particular rule Beh, above was dened so as to mimic very closely the capabilities of glues in BIP.We now clarify the relationship between CAB(P ) and BIP systems dened over a set P of components.We can encode a BIP glue G in CAB(P ) as follows.By denition, G is given by a nite set of rules r that obey the format given in Denition 2.
Let r be such a rule: r : where I and J are set of indexes in [1, n].The encoding r of rule r in CAB(P ) is dened as: By construction, we obtain: Theorem 2. BIP systems dened over a set P of components can be encoded in CAB(P): any BIP system S is strongly bisimilar to its encoding S . 3

Turing-completeness of CAB
In this section as in the rest of the paper, we work within CAB(∅), which, for simplicity, we denote CAB.We show the Turing-completeness of CAB by proving we can encode Minsky machines into it.This gives us a result on the intrinsic expressive power of the CAB glue language, in the sense that it does not depend on the presence of primitive components: we only construct component systems using glue language terms.Note that this is equivalent to considering 3 The parallel operator is commutative and associative modulo strong bisimilarity.The encoding.The encoding of Minsky machines in CAB, denoted • 1 , is given in Figure 3.We now give some intuitions on it.Given a Minsky machine M , we encode it as a system m.m contains three components: the two registers r 0 and r 1 , and the program counter.The instructions of the machine are encoded in the glue of m.Numbers inside registers are encoded in the glue as the parallel composition of as many occurrences of the unit process ∅, u j , ∅ as the number to be encoded.An increment simply adds an occurrence of the unit process ∅, u j , ∅ to the register.The decrement and jump is encoded as the parallel composition of the two branches.The decrement branch simply removes one occurrence of the unit process ∅, u j , ∅ , if such occurrence is available.The jump branch is guarded by the priority r j : u j .In other words, to be able to execute the jump, it is necessary to check that the register is indeed empty.If this is the case the program counter is updated accordingly.More formally, the encoding of a conguration in the Minsky machine is dened as follows: Denition 4. Let M be a Minsky machine and (k, m 0 , m 1 ) one of its congurations.The encoding of k, m 0 , m 1 1 is dened as where the encoding of registers and instructions is dened in Figure 3.
Notice that in order to synchronize at the same time p i and next i we have to duplicate the component representing the program counter.This does not introduce non determinism as only one instance of the action ∅, p i , ∅ is available at every step.
The correctness of the encoding follows by a case analysis on the type of instruction performed when the program counter reaches k.This is formalized by the following Lemma.
Lemma 1.Let M be a Minsky machine and (k, m 0 , m 1 ) one of its conguration Proof (Sketch).Here we show only that if (k, m 0 , m 1 ) −→ M (k , m 0 , m 1 ) then k, m 0 , m 1 1 −→ k , m 0 , m 1 1 when the k-th instruction is a decrement on register m 0 > 0. The other cases and the other direction are similar or simpler.
Then, from Denition 4, we have that where the k-th instruction is encoded as !∅, τ, {p k , u 0 , next k+1 } !r 0 : u 0 , τ, {p k , z 0 , next s } ) and m 0 = m 0 − 1, k = k + 1.In this case, the only possible evolution is the one that synchronizes the program counter p k , the unit u 0 inside register r 0 and next k+1 , evolving into the system: Now, it is easy to see that the system above corresponds to k , m 0 , m 1 1 .
By means of the previous lemma, we can state the operational correspondence between M and its encoding M 1 .Theorem 3. Let M be a Minsky machine and M 1 as dened in Denition 4. Then M halts with registers It is important to notice that our encoding relies on elementary components of the form l[0 £ B], which are glued together by glue terms which are essentially in BIP format, as discussed in Section 2. The above theorem gives us actually a stronger result which says that the subset of CAB where glues are restricted to be in BIP format, and where primitive components correspond to labeled transition systems given by elementary components of the form l[0 £ B], is Turing-complete.

Expressivity of CAB variants
We have shown that CAB is Turing powerful.We now investigate the sources of expressiveness in the language.The rst thing we show is that in the encoding given in Section 3 the presence of priorities is essential.Indeed we can prove that if we consider a fragment of CAB without priorities the resulting language is not Turing powerful anymore.This can be proven by providing an encoding into Petri nets, a well known non Turing-powerful model.

CAB without priorities
A Petri net (see e.g.[6]) is a tuple N = (P, T, m 0 ), where P and T are nite sets of places and transitions, respectively.A nite multiset over the set S of places is called a marking, and m 0 is the initial marking.We also dene how to build the graph of precedence of a glue B: Denition 6.Let l[C £ B] be a system in CAB.The graph of B, denoted with G(B) = (N odes(B), Edges(B)), is a directed graph, inductively dened as: Edges(B) = Edges(B 1 ) where every time we encounter X we add an edge to the nodes in top(B 1 ) Let n ∈ N odes(B), we denote with Adj(n) the list of nodes adjacent to n.
The idea is that every system is a Petri Net and the marking represents the components that are ready to interact at a given instant.Transitions mimic the semantics of CAB −p systems.The construction of the Petri Net is inductive on the hierarchy of components: let S = l S [S 1 ; . . .; S m £ B S ] be a system in CAB −p .We assume that k is the maximum number of levels of nesting in S. We decorate every location in S with the corresponding level of nesting in S, from 1 the innermost, to k the outermost level.
Let PN (S i ) = (P (S i ), T (S i ), m 0 (S i )) be the Petri Net for the subsystem S i for all i ∈ [1, m].PN (S) is built by taking: as set of places, the set of all places of the subnets for S 1 . . .S n plus all the nodes in the graph of the behavior B S : Notice that there is a bijection between nodes in the graphs of glues and the places in the Petri Net.Hence for every node n in the graph of glue located at l in level j there exists a distinctive place [l j : n] and vice-versa.
as set of transitions all the transitions of subnets PN (S 1 ) . . .PN (S n ) plus for all nodes ∅, tag, syn in N odes(B S ) where tag = τ we add a set of transitions that: • Take as precondition, recursively on the part syn of the nodes considered, all the places [l j : ∅, t, s ] for j ∈ [1, k − 1] and such that l : t appears in the synchronization part syn in one of the nodes.Notice that, this accounts in considering in a single transition all the components involved in a τ step: i.e. the places involved in the precondition correspond to all the leafs in the derivation tree of the τ step.• Take as postcondition all the places built from nodes in the adjacent list of all the nodes obtained by places in the preconditions.
For instance, consider the system here there is a single transition that takes as precondition the places: as initial marking, the initial marking of all subnets plus the nodes corresponding to the top level actions in B S : The correctness of the above construction follows by induction on the nesting of components.
Theorem 4. Let S = l S [S 1 ; . . .; S m £B S ] be a system in CAB −p , and PN (S) = (P (S), T (S), m 0 (S)) the corresponding Petri Net.Then S −→ S i there exists a marking m such that m 0 (S) ⇒ m and m is a marking that takes all the top level actions in S .
Proof.Here we show only the correctness direction, soundness is similar.Let S = l S [S 1 ; . . .; S m £B S ] be a system in CAB −p , and m 0 (S) the initial marking in the Petri Net constructed as described above.The proof proceeds by induction on the nesting of components in S. If S −→ S then we have that either rule Beh or Tau has been used.The case of Tau follows by inductive hypothesis.Instead if the τ step comes from Beh , we have that there exists an action ∅, τ, {a 1 . . .a n } at top level in B S .Moreover we have C i1 . . .C in components that are oering actions a 1 . . .a n respectively.Hence at top level in these components we have an action ∅, a ij , syn for j ∈ [1, n].Therefore, by construction we have a token in all these places and the transition can re, moving all tokens in the successors of the action: i.e. in all the nodes of the adjacency list, that by construction corresponds to the new action at top level in S .

Recovering expressiveness
We, now, introduce a new construct to CAB −p to recover the loss of expressive- ness due to the absence of priorities.We consider an operator that adds new components inside a system.To this aim, we add to Denition 3 the following production: B ::= new S with this operational semantics: Thanks to the interplay between the creation of new components and recursion we can re-obtain Turing equivalence.The result, similarly to the one in Section 3, is obtained by resorting to an encoding of Minsky machines.We proceed by giving some intuitions on the encoding given in Figure 4. Registers are encoded as a hierarchy of components that handle both the representation of the number and a mechanism to increment or decrement.The nesting of these components represents the number contained.At every instant, the mechanism controlling the register is placed in the innermost position.Thus, whenever an increment takes place, a new component is created inside the deepest level and all the control is transfered to the newly created object: this is the role of a[0 £ ∅, act j , ∅ ] which activates the current instance.On the contrary, in case of a decrement, the current instance is deactivated: i.e. it remains as garbage but it cannot be used anymore and a signal is passed to the upper component so to activate decrements and increments at the proper level of nesting.Notice, that in order to communicate with the active instance, it is necessary to equip every level of the nesting with a process F wd.This process is responsible for forwarding increment and decrement events to reach the component that controls the simulation of the computation.Without loss of generality, we assume that registers are initialized to zero.The following denition formalizes the encoding of a Minsky machine M : Denition 7. Let M be a Minsky machine with registers initialized to 0 and program counter set to 1: its encoding M 2 is where the encoding of registers and instructions is dened in Figure 4.   Similarly as before, the correctness of the encoding follows by a case analysis on the type of instruction performed when the program counter reaches k.Notice that, depending on the specic computation there can be components as a[a[0 £ 0] £ F wd IN C] oating in the system.Nevertheless this garbage can be ignored as it is never re-used: i.e. it cannot interact with the rest of the system.
Lemma 2. Let M be a Minsky machine and (k, m 0 , m 1 ) one of its conguration Proof (Sketch).Here we show only that if (k, m 0 , m 1 ) −→ M (k , m 0 , m 1 ) then k, m 0 , m 1 2 −→ k , m 0 , m 1 2 when the k-th instruction is a decrement on register m 0 > 0. The other cases and the other direction are similar or simpler.
We rst dene k, m 0 , m 1 2 , for the sake of simplicity we will not consider the occurrences of garbage objects, taking for grant that those will not interfere with the computation.
k, m 0 , m 1 2 :: where In this case, the only possible evolution is the one that synchronizes the program counter p k , the message dec 0 inside register r 0 and next k+1 , evolving into the system: Notice that the message on dec 0 will start a chain of synchronizations between components a[. . .] through the F wd event to reach the deepest component and then activate the real decrement.It is easy to conclude that the system above corresponds to k , m 0 , m 1 2 .
The previous lemma allows us to conclude: Theorem 5. Let M be a Minsky machine and M 2 as dened in Denition 7.
Then M halts with registers

Final Remarks
We have taken in this paper a decidedly process algebraic view of glues in component-based systems, introducing an alternate view, and an extension, of the BIP framework in the form of the CAB process calculus.We have studied the expressiveness of CAB, which gave us a way to characterize the intrinsic (i.e.not relatively to a predened family of components) expressive power of its glue language.We have shown that, while being very simple, the calculus is Turing-complete thanks mainly to the presence of priorities.As a matter of fact, we have shown that the fragment of CAB where priorities have been removed is only as expressive as Petri nets, which is a testament to the gain in expressive power obtained through the use of priorities.However expressiveness can be recovered in a calculus without priorities if dynamic operators are added to the language.
We have already discussed in the introduction the relations with the BIP framework and seen how the present paper brings new light on BIP expressiveness.Here we relate our paper to other works studying the expressiveness of multiparty synchronization or priority.Multiparty synchronization has been proposed in several process calculi.One of the rst proposals is CSP [7] where synchronization can take place among all processes that share a channel with the same name.A recent work by Laneve and Vitale [8] has shown that a calculus able to synchronize on n channels is strictly more expressive than one that can only synchronize up to n − 1 channels.[5] shows a similar result in the context of a concurrent logic calculus.In the current paper we have mostly shown the benet of priorities for expressiveness.However we suspect that multiparty synchronization is also important for expressiveness.In our two encodings of Minsky machines in Section 3 and in Section 4, we rely decisively on 3-way synchronization; whether it is absolutely required is a question for further study.
Several works tackle the problem of adding priority mechanisms in a process calculus [4].In [11] it has been shown that CCS enriched with a form of priority guards is strictly more expressive than CCS: essentially, it is possible to model the leader election problem in CCS with priorities, which is not the case with plain CCS.Analogously, [12] shows that a core calculus similar to CCS, if extended with several kinds of priorities, can model the leader election problem while the core calculus can not.Both these studies state the impossibility to encode the calculus with priorities in the plain calculus.In contrast, we show in this paper an absolute increase in expressiveness from Petri Nets to Minsky machines.
Closer to the present work is the paper in [1], where the authors show that CCS without restriction, and with replication instead of recursion, can be encoded into Petri Nets while the same calculus enriched with priorities and a weak form of restriction is Turing-powerful.Compared to [1] we are considering recursive processes instead of replicated ones thus the drop of expressiveness when not using priorities is stronger in our case.
As for future work, we plan to investigate other, more involved, forms of dynamic conguration of components.Moreover we are interested in understanding if our result of Turing completeness can be related to the ability of simulating all recursively enumerable LTSs thus making unnecessary the presence of the parameter P in the full calculus CAB(P ).
Given a marking m and a place p, we say that the place p contains m(p) tokens in the marking m if there are m(p) occurrences of p in the multiset m.A transition is a pair of markings written in the form m ⇒ m .The marking m of a Petri net can be modied by means of transitions ring: a transition m ⇒ m can re if m(p) ≥ m (p) for every place p ∈ S; upon transition ring the new marking of the net becomes n = (m \ m ) m where \ and are the dierence and union operators for multisets, respectively.This is written as m → n.We denote the fragment of CAB without priorities as CAB −p .This fragment is obtained by replacing production Act, T ag, Act with ∅, T ag, Act in Denition 3. Before presenting the encoding into Petri Nets, we introduce some more terminology: we dene a notion of top level actions in the glue of a component.Denition 5 (top).Let l[C £ B] be a system in CAB.top(B) is dened inductively on the structure of the glue B as follows: top(0) = top(X) ::= ∅ top( pr, tag, syn .B) ::= { pr, tag, syn } top(recX.B) ::= top(B) top(B 1 B 2 ) ::= top(B 1 ) ∪ top(B 2 ) B 2 ) ::= N odes(B) = N odes(B 1 ) ∪ N odes(B 2 ), Edges(B) = Edges(B 1 ) ∪ Edges(B 2 ) G(recX.B 1 ) ::= N odes(B) = N odes(B 1 )