Advanced Design Concepts for Open Distributed Systems Development

Experience with the engineering of large scale open distributed systems has shown that their design should be specified at several well-defined levels of abstraction, in which each level aims at satisfying specific user, architectural, and implementation needs. Therefore, designers should dispose of a comprehensive design methodology, which allows them to conceive a specification at a certain abstraction level and transform this specification into a conforming specification at a lower abstraction level. The collection of these transformations should abridge the total design trajectory from initial user requirements to final implementation. The authors present and discuss some advanced design concepts that provide a basis for such a design methodolog

Weak Markovian Bisimulation Congruences and Exact CTMC-Level Aggregations for Concurrent Processes

We have recently defined a weak Markovian bisimulation equivalence in an integrated-time setting, which reduces sequences of exponentially timed internal actions to individual exponentially timed internal actions having the same average duration and execution probability as the corresponding sequences. This weak Markovian bisimulation equivalence is a congruence for sequential processes with abstraction and turns out to induce an exact CTMC-level aggregation at steady state for all the considered processes. However, it is not a congruence with respect to parallel composition. In this paper, we show how to generalize the equivalence in a way that a reasonable tradeoff among abstraction, compositionality, and exactness is achieved for concurrent processes. We will see that, by enhancing the abstraction capability in the presence of concurrent computations, it is possible to retrieve the congruence property with respect to parallel composition, with the resulting CTMC-level aggregation being exact at steady state only for a certain subset of the considered processes.Comment: In Proceedings QAPL 2012, arXiv:1207.055

Imperfect-Recall Abstractions with Bounds in Games

Imperfect-recall abstraction has emerged as the leading paradigm for practical large-scale equilibrium computation in incomplete-information games. However, imperfect-recall abstractions are poorly understood, and only weak algorithm-specific guarantees on solution quality are known. In this paper, we show the first general, algorithm-agnostic, solution quality guarantees for Nash equilibria and approximate self-trembling equilibria computed in imperfect-recall abstractions, when implemented in the original (perfect-recall) game. Our results are for a class of games that generalizes the only previously known class of imperfect-recall abstractions where any results had been obtained. Further, our analysis is tighter in two ways, each of which can lead to an exponential reduction in the solution quality error bound. We then show that for extensive-form games that satisfy certain properties, the problem of computing a bound-minimizing abstraction for a single level of the game reduces to a clustering problem, where the increase in our bound is the distance function. This reduction leads to the first imperfect-recall abstraction algorithm with solution quality bounds. We proceed to show a divide in the class of abstraction problems. If payoffs are at the same scale at all information sets considered for abstraction, the input forms a metric space. Conversely, if this condition is not satisfied, we show that the input does not form a metric space. Finally, we use these results to experimentally investigate the quality of our bound for single-level abstraction

Modular, Fully-abstract Compilation by Approximate Back-translation

A compiler is fully-abstract if the compilation from source language programs to target language programs reflects and preserves behavioural equivalence. Such compilers have important security benefits, as they limit the power of an attacker interacting with the program in the target language to that of an attacker interacting with the program in the source language. Proving compiler full-abstraction is, however, rather complicated. A common proof technique is based on the back-translation of target-level program contexts to behaviourally-equivalent source-level contexts. However, constructing such a back- translation is problematic when the source language is not strong enough to embed an encoding of the target language. For instance, when compiling from STLC to ULC, the lack of recursive types in the former prevents such a back-translation. We propose a general and elegant solution for this problem. The key insight is that it suffices to construct an approximate back-translation. The approximation is only accurate up to a certain number of steps and conservative beyond that, in the sense that the context generated by the back-translation may diverge when the original would not, but not vice versa. Based on this insight, we describe a general technique for proving compiler full-abstraction and demonstrate it on a compiler from STLC to ULC. The proof uses asymmetric cross-language logical relations and makes innovative use of step-indexing to express the relation between a context and its approximate back-translation. The proof extends easily to common compiler patterns such as modular compilation and it, to the best of our knowledge, it is the first compiler full abstraction proof to have been fully mechanised in Coq. We believe this proof technique can scale to challenging settings and enable simpler, more scalable proofs of compiler full-abstraction

Exploring the Abstraction Levels of Design Principles: The Case of Chatbots

Formulating design principles is the primary mechanism to codify design knowledge which elevates its meaning to a general level and applicability. Although we can observe a great variety of abstraction levels in available design principles, spanning from more situated to more generic levels, there is only limited knowledge about the corresponding (dis-)advantages of using a certain level of abstraction. That is problematic because it hinders researchers in making informed decisions regarding the (intended) level of abstraction and practitioners in being oriented whether the principles are already contextualized or still require effort to apply them within their situation. Against this backdrop, this paper (1) explores different abstraction levels of design principles based on a sample of 69 principles from the chatbot domain, as well as (2) provides a preliminary positioning framework and lessons learned. We aim to complement methodological guidance and strengthen the principles\u27 applicability, ultimately leading to knowledge reuse

Hurford Conditionals

Compare the following conditionals: 'If John is not in Paris, he is in France' versus 'If John is in France, he is not in Paris.' The second sounds entirely natural, whereas the first sounds quite strange. This contrast is puzzling, because these two conditionals have the same structure at a certain level of logical abstraction, namely 'If ¬p+, then p.' We argue that existing theories of informational oddness do not distinguish between these conditionals. We do not have an account of the divergence in judgments about the two, but we think this is a fascinating puzzle which we pose here in the hope others will be able to solve it

A Coordination Language for Databases

We present a coordination language for the modeling of distributed database applications. The language, baptized Klaim-DB, borrows the concepts of localities and nets of the coordination language Klaim but re-incarnates the tuple spaces of Klaim as databases. It provides high-level abstractions and primitives for the access and manipulation of structured data, with integrity and atomicity considerations. We present the formal semantics of Klaim-DB and develop a type system that avoids potential runtime errors such as certain evaluation errors and mismatches of data format in tables, which are monitored in the semantics. The use of the language is illustrated in a scenario where the sales from different branches of a chain of department stores are aggregated from their local databases. Raising the abstraction level and encapsulating integrity checks in the language primitives have benefited the modeling task considerably

Report on the formal specification and partial verification of the VIPER microprocessor

The formal specification and partial verification of the VIPER microprocessor is reviewed. The VIPER microprocessor was designed by RSRE, Malvern, England, for safety critical computing applications (e.g., aircraft, reactor control, medical instruments, armaments). The VIPER was carefully specified and partially verified in an attempt to provide a microprocessor with completely predictable operating characteristics. The specification of VIPER is divided into several levels of abstraction, from a gate-level description up to an instruction execution model. Although the consistency between certain levels was demonstrated with mechanically-assisted mathematical proof, the formal verification of VIPER was never completed

Leibniz and Probability in the Moral Domain

Leibniz’s account of probability has come into better focus over the past decades. However, less attention has been paid to a certain domain of application of that account, that is, the application of it to the moral or ethical domain—the sphere of action, choice and practice. This is significant, as Leibniz had some things to say about applying probability theory to the moral domain, and thought the matter quite relevant. Leibniz’s work in this area is conducted at a high level of abstraction. It establishes a proof of concept, rather than concrete guidelines for how to apply calculations to specific cases. Still, this highly abstract material does allow us to begin to construct a framework for thinking about Leibniz’s approach to the ethical side of probability