Flexible Invariants Through Semantic Collaboration
Modular reasoning about class invariants is challenging in the presence of dependencies among collaborating objects that need to maintain global consistency. This paper presents semantic collaboration: a novel methodology to specify and reason about class invariants of sequential object-oriented programs, which models dependencies between collaborating objects by semantic means. Combined with a simple ownership mechanism and useful default schemes, semantic collaboration achieves the flexibility necessary to reason about complicated inter-object dependencies but requires limited annotation burden when applied to standard specification patterns. The methodology is implemented in AutoProof, our program verifier for the Eiffel programming language (but it is applicable to any language supporting some form of representation invariants). An evaluation on several challenge problems proposed in the literature demonstrates that it can handle a variety of idiomatic collaboration patterns, and is more widely applicable than the existing invariant methodologies.
Comment: 22 page
Towards an aspect weaving BPEL engine
This position paper proposes the use of dynamic aspects and the visitor design pattern to obtain a highly configurable and extensible BPEL engine. Using these two techniques, the core of this infrastructural software can be customised to meet new requirements and add features such as debugging, execution monitoring, or changing to another Web Service selection policy. Additionally, it can easily be extended to cope with customer-specific BPEL extensions. We propose the use of dynamic aspects not only on the engine itself but also on the workflow in order to tackle the problems of Web Service hot deployment and hot fixes to long running processes. In this way, composing a Web Service "on-the-fly" means weaving its choreography interface into the workflow
Attending responding becoming : a living-learning inquiry in a naturally inclusional playspace
Traditional scientific paradigms emphasise writing in the third person, effectively marginalising the subjective perspective of the researcher. Many systems thinking, cybernetics and complexity approaches are better in this regard, as they involve systemic interventions where the relationships between the researcher and other participants really matter. Writing in the first person therefore becomes acceptable. In this Thesis (and a partner document coupled with it), I have explored how to reincorporate subjective empiricism into my systemic intervention practice. This has brought forth many unanticipated contributions. These take the form of new frameworks, concepts and approaches for systems and complexity practice, emerging from my engagements with myself and others, as well as from reflections upon those engagements. However, the content of my reflections and ‘becomings’ are not all that represent my doctoral contribution; there is also the form of my representation(s), as well as the emergent nature of the process through which they have come to be. I have drawn from Gregory Bateson’s use of metalogues: where the nature of a conversation mirrors its content – e.g. getting into a muddle whilst talking about muddles! Intuitively, I grasped the importance of metalogue in what I was attempting, and found myself coining the term metalogic coherence. Without fully appreciating what this might mean in practice, I groped my way into undertaking and documenting my research in ways that I believed would be metalogically coherent with the complexity-attuned principles to which I was committing.
In sum, and key to appreciating what unfolds in the narrative, is recognising this Thesis and its partner document as metalogically coherent artefacts of naturally inclusional, complexity-attuned, evolutionary research. To fully acknowledge the different ways of knowing that have flowed into my inquiry, I have written in multiple voices (called statewaves, for reasons to be explained in the thesis). I found myself shifting from one voice to another as I explored and expressed different dimensions of what I was experiencing and discovering. In addition, I have made liberal use of hyperlinks, so both documents are far from linear. They are more akin to a mycorrhizal network, interlinking flows of ideas and sensemaking, all of which can be accessed and experienced differently, depending on each reader’s engagement with and through it. The thesis and its partner document are part of a composite submission that contains both poetry and artwork (visual depictions and animations of the ideas). These elements, along with the more conventional academic text, are augmented by penetrating reflections on my personal motivations, guided by a narrator signposting the streams as they flow into and between each other. All of my being has been implicated and impacted by this endeavour. When insights and new ‘becomings’ emerged flowfully during my practice, my joy was reflected in my narrative; as indeed were my pain, doubts and reinterpretations associated with ideas that were difficult to birth. I present all this in my submission, without retrospective sanitisation or simplification. In so doing, I am keeping faith with the principle that I remain at the heart of my research, and cannot be extracted from it without doing violence to the metalogical coherence that gives it meaning
Programming and Proving with Distributed Protocols
Distributed systems play a crucial role in modern infrastructure, but are notoriously difficult to implement correctly. This difficulty arises from two main challenges: (a) correctly implementing core system components (e.g., two-phase commit), so all their internal invariants hold, and (b) correctly composing standalone system components into functioning trustworthy applications (e.g., persistent storage built on top of a two-phase commit instance). Recent work has developed several approaches for addressing (a) by means of mechanically verifying implementations of core distributed components, but no methodology exists to address (b) by composing such verified components into larger verified applications. As a result, expensive verification efforts for key system components are not easily reusable, which hinders further verification efforts.
In this paper, we present Disel, the first framework for implementation and compositional verification of distributed systems and their clients, all within the mechanized, foundational context of the Coq proof assistant. In Disel, users implement distributed systems using a domain specific language shallowly embedded in Coq and providing both high-level programming constructs as well as low-level communication primitives. Components of composite systems are specified in Disel as protocols, which capture system-specific logic and disentangle system definitions from implementation details. By virtue of Disel’s dependent type system, well-typed implementations always satisfy their protocols’ invariants and never go wrong, allowing users to verify system implementations interactively using Disel’s Hoare-style program logic, which extends state-of-the-art techniques for concurrency verification to the distributed setting. By virtue of the substitution principle and frame rule provided by Disel’s logic, system components can be composed leading to modular, reusable verified distributed systems.
We describe Disel, illustrate its use with a series of examples, outline its logic and metatheory, and report on our experience using it as a framework for implementing, specifying, and verifying distributed systems
Dualities in international management: exploring the role of managers as organizers of standardization/adaptation
In the international context, managers often face a contradictory imperative to organize the interpretive frames and actions of teams towards standardization/adaptation (a duality). Current etic approaches, entity perspectives, and variance models used to understand this phenomenon are limitative. Three inductive studies explore the role of managers from process perspectives and draw on theories of duality, sensemaking, and routines, to develop insights on how managers enact the work environment, use dynamic interpretations over time, and combine routinized and non-routinized behaviors to address the duality. The studies contribute to an open dialogue among different theoretical perspectives, opening new avenues for research
Holistic specifications for robust programs
Functional specifications describe what program components can do: the sufficient conditions to invoke components' operations. They allow us to reason about the use of components in a closed world setting, where components interact with known client code, and where the client code must establish the appropriate pre-conditions before calling into a component. Sufficient conditions are not enough to reason about the use of components in an open world setting, where components interact with external code, possibly of unknown provenance, and where components may evolve over time. In this open world setting, we must also consider the possible external code and the necessary conditions, i.e., the conditions without which an effect will not happen. In this paper we propose the Chainmail specification language for writing holistic specifications that focus on necessary conditions (as well as sufficient conditions). We give a formal semantics for Chainmail, and discuss several examples. The core of Chainmail has been mechanised in the Coq proof assistant