Size-Change Termination as a Contract

Termination is an important but undecidable program property, which has led to a large body of work on static methods for conservatively predicting or enforcing termination. One such method is the size-change termination approach of Lee, Jones, and Ben-Amram, which operates in two phases: (1) abstract programs into "size-change graphs," and (2) check these graphs for the size-change property: the existence of paths that lead to infinite decreasing sequences. We transpose these two phases with an operational semantics that accounts for the run-time enforcement of the size-change property, postponing (or entirely avoiding) program abstraction. This choice has two key consequences: (1) size-change termination can be checked at run-time and (2) termination can be rephrased as a safety property analyzed using existing methods for systematic abstraction. We formulate run-time size-change checks as contracts in the style of Findler and Felleisen. The result compliments existing contracts that enforce partial correctness specifications to obtain contracts for total correctness. Our approach combines the robustness of the size-change principle for termination with the precise information available at run-time. It has tunable overhead and can check for nontermination without the conservativeness necessary in static checking. To obtain a sound and computable termination analysis, we apply existing abstract interpretation techniques directly to the operational semantics, avoiding the need for custom abstractions for termination. The resulting analyzer is competitive with with existing, purpose-built analyzers

A THEORY OF RATIONAL CHOICE UNDER COMPLETE IGNORANCE

This paper contributes to a theory of rational choice under uncertainty for decision-makers whose preferences are exhaustively described by partial orders representing ""limited information."" Specifically, we consider the limiting case of ""Complete Ignorance"" decision problems characterized by maximally incomplete preferences and important primarily as reduced forms of general decision problems under uncertainty. ""Rationality"" is conceptualized in terms of a ""Principle of Preference-Basedness,"" according to which rational choice should be isomorphic to asserted preference. The main result characterizes axiomatically a new choice-rule called ""Simultaneous Expected Utility Maximization"" which in particular satisfies a choice-functional independence and a context-dependent choice-consistency condition; it can be interpreted as the fair agreement in a bargaining game (Kalai-Smorodinsky solution) whose players correspond to the different possible states (respectively extermal priors in the general case).

Chippe : a system for constraint driven behavioral synthesis

This report describes the Chippe system, gives some background previous work and describes several sample design runs of the system. Also presented are the sources of the design tradeoffs used by Chippe, and overview of the internal design model, and experiences using the system

Best Complete Approximations of Preference Relations

We investigate the problem of approximating an incomplete preference relation $\succsim$ on a finite set by a complete preference relation. We aim to obtain this approximation in such a way that the choices on the basis of two preferences, one incomplete, the other complete, have the smallest possible discrepancy in the aggregate. To this end, we use the top-difference metric on preferences, and define a best complete approximation of $\succsim$ as a complete preference relation nearest to $\succsim$ relative to this metric. We prove that such an approximation must be a maximal completion of $\succsim$, and that it is, in fact, any one completion of $\succsim$ with the largest index. Finally, we use these results to provide a sufficient condition for the best complete approximation of a preference to be its canonical completion. This leads to closed-form solutions to the best approximation problem in the case of several incomplete preference relations of interest

UML 2.0 interactions with OCL/RT constraints

The use of formal methods at early stages of software development contributes to the reliability and robustness of the system to be constructed. Int his context, real-time system development benefits from the construction of behavioral models in order to verify the correct satisfaction of time constraints. The Unified Modeling Language (UML) is a software specification language widely used by the industry and the academia. Nevertheless, its version 2.0 lacks a formal semantics for the development of provably-correct models. In addition, its constraint specification language, Object Constraint Language (OCL), has limitations for its use in behavioral models of real-time systems. This work concerns the inter-component behavioral specification of real-time systems. Such behavior is described using the UML 2.0 Interactions language extended for the inclusion of time constraints using the OCL for Real Time (OCL/RT) language. The main problem addressed in this work is the definition of a formal semantics for the fusion of both languages. The semantics allows recognizing valid and invalid behaviors of a system with time constraints. Intended for formal verification, an analysis of the properties derived from the semantics is also done. In particular, the notions of refinement of interactions and refinement of constraints are explored. Finally, the proposal is compared with related works and its practical application is studied in order to analyze its benefits and weaknesses. This work contributes to the formalization of concepts widely used in practice and, inconsequence, to its inclusion in modeling and formal reasoning tools. More-over, the expressivity of the UML 2.0 Interactions language is augmented in order to support complex real-time constraints, not expressable until this moment