Previous: , Up: Defensive Design   [Contents][Index]

7.3 Armoring

An armor is a defensive layer of components that protects the armored components who rely on their interface contracts from any behavior which would violate those contracts. An armoring component can be developed in Dezyne itself by creating a permissive interface from the strict interface behavior and letting the armor component map one behavior onto the other making sure the permissive behavior never violates the strict behavior.

The example below shows a simple but strict interface istrict and a permissive interface ipermissive that share the same event alphabet. The permissive interface is used on both sides of the armored_system. The system connects each permissive interface to a dedicated armor component, one for the top of the system and one for the bottom. Both protecting the inside component called middle. 

interface istrict
{
  in void request();
  in void cancel();
  out void notify();

  behavior
  {
    bool idle = true;
    [idle]
    {
      on request: idle = false;
    }
    [!idle]
    {
      on cancel: idle = true;
      on inevitable: {idle = true; notify;}
    }
  }
}

interface ipermissive // derives from istrict
{
  in void request();
  in void cancel();
  out void notify();

  behavior
  {
    on request: {}
    on cancel: {}
    on optional: notify;
  }
}

component armored_system // is permissive, but armored
{
  provides ipermissive p;
  requires ipermissive r;

  system
  {
    p <=> ta.p;
    top_armor ta;

    ta.r <=> m.p;
    middle m; // the soft but strict middle
    m.r <=> ba.p;

    bottom_armor ba;
    watchdog w;
    ba.w <=> w.w;
    ba.r <=> r;
  }
}

component top_armor
{
  provides ipermissive p;
  requires istrict r;

  behavior
  {
    bool idle = true;
    [idle]
    {
      on p.request(): {idle = false; r.request();}
      on p.cancel(): {}
    }
    [!idle]
    {
      on p.request(): {}
      on p.cancel(): {idle = true; r.cancel();}
      on r.notify(): {idle = true; p.notify();}
    }
  }
}

component middle // a trivial proxy, see what happens with 2.17.0
{
  provides istrict p;
  requires istrict r;

  behavior
  {
    bool idle = true;
    [idle] {
      on p.request(): {r.request(); idle = false;}
    }
    [!idle] {
      on p.cancel(): {r.cancel(); idle = true;}
      on r.notify(): {p.notify(); idle = true;}
    }
  }
}

component bottom_armor
{
  provides istrict p;
  requires ipermissive r;
  requires iwatchdog w;

  behavior
  {
    bool idle = true;
    [idle]
    {
      on p.request(): {idle = false; w.set(); r.request();}
      on r.notify(): {}
    }
    [!idle]
    {
      on p.cancel(): {idle = true; w.cancel(); r.cancel();}
      on r.notify(),
         w.timeout(): {idle = true; w.cancel(); p.notify();}
    }
  }
}

interface iwatchdog
{
  in void set();
  in void cancel();
  out void timeout();

  behavior
  {
    bool idle = true;
    [idle]
    {
      on set: idle = false;
    }
    [!idle]
    {
      on cancel: idle = true;
      on inevitable: timeout;
    }
  }
}

component watchdog
{
  provides iwatchdog w;
}

Previous: , Up: Defensive Design   [Contents][Index]