227 research outputs found

    Actris: session-type based reasoning in separation logic

    Message passing is a useful abstraction to implement concurrent programs. For real-world systems, however, it is often combined with other programming and concurrency paradigms, such as higher-order functions, mutable state, shared-memory concurrency, and locks. We present Actris: a logic for proving functional correctness of programs that use a combination of the aforementioned features. Actris combines the power of modern concurrent separation logics with a first-class protocol mechanism - based on session types - for reasoning about message passing in the presence of other concurrency paradigms. We show that Actris provides a suitable level of abstraction by proving functional correctness of a variety of examples, including a distributed merge sort, a distributed load-balancing mapper, and a variant of the map-reduce model, using relatively simple specifications. Soundness of Actris is proved using a model of its protocol mechanism in the Iris framework. We mechanised the theory of Actris, together with tactics for symbolic execution of programs, as well as all examples in the paper, in the Coq proof assistant. Programming Language

    Incentive-driven QoS in peer-to-peer overlays

    A well known problem in peer-to-peer overlays is that no single entity has control over the software, hardware and configuration of peers. Thus, each peer can selfishly adapt its behaviour to maximise its benefit from the overlay. This thesis is concerned with the modelling and design of incentive mechanisms for QoS-overlays: resource allocation protocols that provide strategic peers with participation incentives, while at the same time optimising the performance of the peer-to-peer distribution overlay. The contributions of this thesis are as follows. First, we present PledgeRoute, a novel contribution accounting system that can be used, along with a set of reciprocity policies, as an incentive mechanism to encourage peers to contribute resources even when users are not actively consuming overlay services. This mechanism uses a decentralised credit network, is resilient to sybil attacks, and allows peers to achieve time and space deferred contribution reciprocity. Then, we present a novel, QoS-aware resource allocation model based on Vickrey auctions that uses PledgeRoute as a substrate. It acts as an incentive mechanism by providing efficient overlay construction, while at the same time allocating increasing service quality to those peers that contribute more to the network. The model is then applied to lag-sensitive chunk swarming, and some of its properties are explored for different peer delay distributions. When considering QoS overlays deployed over the best-effort Internet, the quality received by a client cannot be adjudicated completely to either its serving peer or the intervening network between them. By drawing parallels between this situation and well-known hidden action situations in microeconomics, we propose a novel scheme to ensure adherence to advertised QoS levels. 
We then apply it to delay-sensitive chunk distribution overlays and present the optimal contract payments required, along with a method for QoS contract enforcement through reciprocative strategies. We also present a probabilistic model for application-layer delay as a function of the prevailing network conditions. Finally, we address the incentives of managed overlays, and the prediction of their behaviour. We propose two novel models of multihoming managed overlay incentives in which overlays can freely allocate their traffic flows between different ISPs. One is obtained by optimising an overlay utility function with desired properties, while the other is designed for data-driven least-squares fitting of the cross elasticity of demand. This last model is then used to solve for ISP profit maximisation

    Actris 2.0: Asynchronous Session-Type Based Reasoning in Separation Logic

    Message passing is a useful abstraction for implementing concurrent programs. For real-world systems, however, it is often combined with other programming and concurrency paradigms, such as higher-order functions, mutable state, shared-memory concurrency, and locks. We present Actris: a logic for proving functional correctness of programs that use a combination of the aforementioned features. Actris combines the power of modern concurrent separation logics with a first-class protocol mechanism -- based on session types -- for reasoning about message passing in the presence of other concurrency paradigms. We show that Actris provides a suitable level of abstraction by proving functional correctness of a variety of examples, including a channel-based merge sort, a channel-based load-balancing mapper, and a variant of the map-reduce model, using concise specifications. While Actris was already presented in a conference paper (POPL'20), this paper expands the prior presentation significantly. Moreover, it extends Actris to Actris 2.0 with a notion of subprotocols -- based on session-type subtyping -- that permits additional flexibility when composing channel endpoints, and that takes full advantage of the asynchronous semantics of message passing in Actris. Soundness of Actris 2.0 is proven using a model of its protocol mechanism in the Iris framework. We have mechanised the theory of Actris, together with custom tactics, as well as all examples in the paper, in the Coq proof assistant. Comment: 60 pages, 24 figures

    Naming and discovery in networks : architecture and economics

    In less than three decades, the Internet was transformed from a research network available to the academic community into an international communication infrastructure. Despite its tremendous success, there is a growing consensus in the research community that the Internet has architectural limitations that need to be addressed in an effort to design a future Internet. Among the main technical limitations are the lack of mobility support, and the lack of security and trust. The Internet, and particularly TCP/IP, identifies endpoints using a location/routing identifier, the IP address. Coupling the endpoint identifier to the location identifier hinders mobility and poorly identifies the actual endpoint. On the other hand, the lack of security has been attributed to limitations in both the network and the endpoint. Authentication for example is one of the main concerns in the architecture and is hard to implement partly due to lack of identity support. The general problem that this dissertation is concerned with is that of designing a future Internet. Towards this end, we focus on two specific sub-problems. The first problem is the lack of a framework for thinking about architectures and their design implications. It was obvious after surveying the literature that the majority of the architectural work remains idiosyncratic and descriptions of network architectures are mostly idiomatic. This has led to the overloading of architectural terms, and to the emergence of a large body of network architecture proposals with no clear understanding of their cross similarities, compatibility points, their unique properties, and architectural performance and soundness. On the other hand, the second problem concerns the limitations of traditional naming and discovery schemes in terms of service differentiation and economic incentives. 
One of the recurring themes in the community is the need to separate an entity's identifier from its locator to enhance mobility and security. Separation of identifier and locator is a widely accepted design principle for a future Internet. Separation however requires a process to translate from the identifier to the locator when discovering a network path to some identified entity. We refer to this process as identifier-based discovery, or simply discovery, and we recognize two limitations that are inherent in the design of traditional discovery schemes. The first limitation is the homogeneity of the service where all entities are assumed to have the same discovery performance requirements. The second limitation is the inherent incentive mismatch as it relates to sharing the cost of discovery. This dissertation addresses both subproblems, the architectural framework as well as the naming and discovery limitations

    Conjugate information disclosure in an auction with learning

    We consider a single-item, independent private value auction environment with two bidders: a leader, who knows his valuation, and a follower, who privately chooses how much to learn about his valuation. We show that, under some conditions, an ex-post efficient revenue-maximizing auction—which solicits bids sequentially—partially discloses the leader's bid to the follower, to influence his learning. The disclosure rule that emerges is novel; it may reveal to the follower only a pair of bids to which the leader's actual bid belongs. The identified disclosure rule, relative to the first-best, induces the follower to learn less when the leader's valuation is low and more when the leader's valuation is high

    Sessions and Separation


    Values and Success in Collegiate Athletics

    The rapid commercialization of intercollegiate sports has changed the landscape of the hiring decisions and methodologies within university-associated athletic departments – especially within the Division I Football Bowl Subdivision (DI-FBS) (Wong, 2017). Most notably and recently, the strategies used to hire athletic directors (ADs) have undergone considerable revision – yet successful hires are far from a sure thing. Many strategies include allusions to leadership style, yet leadership styles are as numerous as there are researchers who study them – and are rarely implemented holistically, thus making their assessment and associated outcomes tenuous at best (Peachey et al., 2015). Hambrick and Mason’s (1984) Upper Echelon Theory (UET) suggests that organizational outcomes are at the very least partially predicted by the personality characteristics of its leader. Researchers have since found, in comparison with leadership style, personality characteristics of leaders that might be both more easily measured, more consistent across time, and have very real impacts at multiple levels within an organization (Barrick et al., 2016; Berson et al., 2008; Resick et al., 2009). Previous research on AD values has not assessed values using the popular Schwartz Theory of Basic Human Values (BVT) – which include ten motivationally distinct values that have been recognized in various cultures, languages, and contexts throughout the world (Ates & Agras, 2015; Schwartz, 1992). To that end, the purpose of this study is to identify, through correlational and summative analysis, the values of DI FBS ADs and how such values are related to success as an organization via the 2017-2018 National Association of Collegiate Directors of Athletics (NACDA) Learfield-IMG College Directors’ Cup Rankings. Findings will provide insight into the values that ADs of successful organizations share, which may help inform administrative hiring practices moving forward

    Toward an Analysis of the Abductive Moral Argument for God’s Existence: Assessing the Evidential Quality of Moral Phenomena and the Evidential Virtuosity of Christian Theological Models

    The moral argument for God’s existence is perhaps the oldest and most salient of the arguments from natural theology. In contemporary literature, there has been a focus on the abductive version of the moral argument. Although the mode of reasoning, abduction, has been articulated, there has not been a robust articulation of the individual components of the argument. Such an articulation would include the data quality of moral phenomena, the theoretical virtuosity of theological models that explain the moral phenomena, and how both contribute to the likelihood of moral arguments. The goal of this paper is to provide such an articulation. Our method is to catalog the phenomena, sort them by their location on the emergent hierarchy of sciences, then describe how the ecumenical Christian theological model exemplifies evidential virtues in explaining them. Our results show that moral arguments are of neither the highest nor the lowest quality yet can be assented to on a principled level of investigation, especially given existential considerations