10,057 research outputs found

    Flexible Invariants Through Semantic Collaboration

    Modular reasoning about class invariants is challenging in the presence of dependencies among collaborating objects that need to maintain global consistency. This paper presents semantic collaboration: a novel methodology to specify and reason about class invariants of sequential object-oriented programs, which models dependencies between collaborating objects by semantic means. Combined with a simple ownership mechanism and useful default schemes, semantic collaboration achieves the flexibility necessary to reason about complicated inter-object dependencies but requires limited annotation burden when applied to standard specification patterns. The methodology is implemented in AutoProof, our program verifier for the Eiffel programming language (but it is applicable to any language supporting some form of representation invariants). An evaluation on several challenge problems proposed in the literature demonstrates that it can handle a variety of idiomatic collaboration patterns, and is more widely applicable than the existing invariant methodologies.
    Comment: 22 pages

    Attending responding becoming: a living-learning inquiry in a naturally inclusional playspace

    Traditional scientific paradigms emphasise writing in the third person, effectively marginalising the subjective perspective of the researcher. Many systems thinking, cybernetics and complexity approaches are better in this regard, as they involve systemic interventions where the relationships between the researcher and other participants really matter. Writing in the first person therefore becomes acceptable. In this Thesis (and a partner document coupled with it), I have explored how to reincorporate subjective empiricism into my systemic intervention practice. This has brought forth many unanticipated contributions. These take the form of new frameworks, concepts and approaches for systems and complexity practice, emerging from my engagements with myself and others, as well as from reflections upon those engagements. However, the content of my reflections and ‘becomings’ are not all that represent my doctoral contribution; there is also the form of my representation(s), as well as the emergent nature of the process through which they have come to be. I have drawn from Gregory Bateson’s use of metalogues: where the nature of a conversation mirrors its content – e.g. getting into a muddle whilst talking about muddles! Intuitively, I grasped the importance of metalogue in what I was attempting, and found myself coining the term metalogic coherence. Without fully appreciating what this might mean in practice, I groped my way into undertaking and documenting my research in ways that I believed would be metalogically coherent with the complexity-attuned principles to which I was committing. In sum, and key to appreciating what unfolds in the narrative, is recognising this Thesis and its partner document as metalogically coherent artefacts of naturally inclusional, complexity-attuned, evolutionary research. To fully acknowledge the different ways of knowing that have flowed into my inquiry, I have written in multiple voices (called statewaves, for reasons to be explained in the thesis). I found myself shifting from one voice to another as I explored and expressed different dimensions of what I was experiencing and discovering. In addition, I have made liberal use of hyperlinks, so both documents are far from linear. They are more akin to a mycorrhizal network, interlinking flows of ideas and sensemaking, all of which can be accessed and experienced differently, depending on each reader’s engagement with and through it. The thesis and its partner document are part of a composite submission that contains both poetry and artwork (visual depictions and animations of the ideas). These elements, along with the more conventional academic text, are augmented by penetrating reflections on my personal motivations, guided by a narrator signposting the streams as they flow into and between each other. All of my being has been implicated and impacted by this endeavour. When insights and new ‘becomings’ emerged flowfully during my practice, my joy was reflected in my narrative; as indeed were my pain, doubts and reinterpretations associated with ideas that were difficult to birth. I present all this in my submission, without retrospective sanitisation or simplification. In so doing, I am keeping faith with the principle that I remain at the heart of my research, and cannot be extracted from it without doing violence to the metalogical coherence that gives it meaning.

    Programming and Proving with Distributed Protocols

    Distributed systems play a crucial role in modern infrastructure, but are notoriously difficult to implement correctly. This difficulty arises from two main challenges: (a) correctly implementing core system components (e.g., two-phase commit), so all their internal invariants hold, and (b) correctly composing standalone system components into functioning trustworthy applications (e.g., persistent storage built on top of a two-phase commit instance). Recent work has developed several approaches for addressing (a) by means of mechanically verifying implementations of core distributed components, but no methodology exists to address (b) by composing such verified components into larger verified applications. As a result, expensive verification efforts for key system components are not easily reusable, which hinders further verification efforts. In this paper, we present Disel, the first framework for implementation and compositional verification of distributed systems and their clients, all within the mechanized, foundational context of the Coq proof assistant. In Disel, users implement distributed systems using a domain specific language shallowly embedded in Coq and providing both high-level programming constructs as well as low-level communication primitives. Components of composite systems are specified in Disel as protocols, which capture system-specific logic and disentangle system definitions from implementation details. By virtue of Disel’s dependent type system, well-typed implementations always satisfy their protocols’ invariants and never go wrong, allowing users to verify system implementations interactively using Disel’s Hoare-style program logic, which extends state-of-the-art techniques for concurrency verification to the distributed setting. By virtue of the substitution principle and frame rule provided by Disel’s logic, system components can be composed leading to modular, reusable verified distributed systems. We describe Disel, illustrate its use with a series of examples, outline its logic and metatheory, and report on our experience using it as a framework for implementing, specifying, and verifying distributed systems.

    Interactive Multi-user Video Retrieval Systems


    Dualities in international management: exploring the role of managers as organizers of standardization/adaptation

    In the international context, managers often face a contradictory imperative to organize the interpretive frames and actions of teams towards standardization/adaptation (a duality). Current etic approaches, entity perspectives, and variance models used to understand this phenomenon are limitative. Three inductive studies explore the role of managers from process perspectives and draw on theories of duality, sensemaking, and routines, to develop insights on how managers enact the work environment, use dynamic interpretations over time, and combine routinized and non-routinized behaviors to address the duality. The studies contribute to an open dialogue among different theoretical perspectives, opening new avenues for research.

    Holistic specifications for robust programs

    Functional specifications describe what program components can do: the sufficient conditions to invoke components' operations. They allow us to reason about the use of components in a closed world setting, where components interact with known client code, and where the client code must establish the appropriate pre-conditions before calling into a component. Sufficient conditions are not enough to reason about the use of components in an open world setting, where components interact with external code, possibly of unknown provenance, and where components may evolve over time. In this open world setting, we must also consider the possible external code and the necessary conditions, i.e., the conditions without which an effect will not happen. In this paper we propose the Chainmail specification language for writing holistic specifications that focus on necessary conditions (as well as sufficient conditions). We give a formal semantics for Chainmail, and discuss several examples. The core of Chainmail has been mechanised in the Coq proof assistant.