Weak refinement in Z

An important aspect in the specification of distributed systems is the role of the internal (or unobservable) operation. Such operations are not part of the user interface (i.e. the user cannot invoke them), however, they are essential to our understanding and correct modelling of the system. Various conventions have been employed to model internal operations when specifying distributed systems in Z. If internal operations are distinguished in the specification notation, then refinement needs to deal with internal operations in appropriate ways. However, in the presence of internal operations, standard Z refinement leads to undesirable implementations. In this paper we present a generalization of Z refinement, called weak refinement, which treats internal operations differently from observable operations when refining a system. We illustrate some of the properties of weak refinement through a specification of a telecommunications protocol

Viewpoint consistency in Z and LOTOS: A case study

Specification by viewpoints is advocated as a suitable method of specifying complex systems. Each viewpoint describes the envisaged system from a particular perspective, using concepts and specification languages best suited for that perspective. Inherent in any viewpoint approach is the need to check or manage the consistency of viewpoints and to show that the different viewpoints do not impose contradictory requirements. In previous work we have described a range of techniques for consistency checking, refinement, and translation between viewpoint specifications, in particular for the languages LOTOS and Z. These two languages are advocated in a particular viewpoint model, viz. that of the Open Distributed Processing (ODP) reference model. In this paper we present a case study which demonstrates how all these techniques can be combined in order to show consistency between a viewpoint specified in LOTOS and one specified in Z. Keywords: Viewpoints; Consistency; Z; LOTOS; ODP

Incompleteness of relational simulations in the blocking paradigm

Refinement is the notion of development between formal specifications For specifications given in a relational formalism downward and upward simulations are the standard method to verify that a refinement holds their usefulness based upon their soundness and joint completeness This is known to be true for total relational specifications and has been claimed to hold for partial relational specifications in both the non-blocking and blocking interpretations In this paper we show that downward and upward simulations in the blocking interpretation where domains are guards are not Jointly complete This contradicts earlier claims in the literature We illustrate this with an example (based on one recently constructed by Reeves and Streader) and then construct a proof to show why Joint completeness fails in general (C) 2010 Elsevier B V All rights reserve

Location-Aware Quality of Service Measurements for Service-Level Agreements

We add specifications of location-aware measurements to performance models in a compositional fashion, promoting precision in performance measurement design. Using immediate actions to send control signals between measurement components we are able to obtain more accurate measurements from our stochastic models without disturbing their structure. A software tool processes both the model and the measurement specifications to give response time distributions and quantiles, an essential calculation in determining satisfaction of service-level agreements (SLAs)

On Behavioural Subtyping in LOTOS

We consider how the OO notion of subtyping relates to LOTOS testing theory. In particular, we investigate which of the standard LOTOS preorders is a suitable instantiation of behavioural subtyping and argue that each of the main preorders, trace preorder, trace extension, reduction and extension, is in some way deficient. Then, in the light of pre and post condition based models of OO subtyping, we re-work the basic interpretation applied to LOTOS behaviour descriptions. We argue that this re-interpretation enables reduction to be used as an instantiation of behavioural subtyping

Incentives for content availability in memory-less peer-to-peer file sharing systems

In this paper we address the issue of content availability in p2p file sharing systems. Content availability is a public good: the copying of a file by one peer does not prevent another peer also from copying it; but contributing files to the common pool is costly. The asymptotic analysis of certain public good models for p2p file sharing suggests that when the aim is to maximize social welfare, a fixed contribution scheme in terms of the number of files shared per unity of time can be asymptotically optimal as the number of participants n grows to infinity. However, the enforcement of such an incentive scheme is not straightforward in a realistic p2p system, where no trusted software or central entity accounting for peers ’ transactions can be assumed and peers are free to change their identity with no cost. We present a realistic version of the fixed contribution scheme, which does not require the use of system memory but relies only on the time peers are consuming resources to ensure that they contribute adequately. We describe the functionality that should be supported for enforcement and discuss the additional incentive issues that arise in this context, proposing some practical solutions to address them. We also formulate a suitable economic model to estimate the efficiency-loss of the proposed mechanism (compared to the one achieved using the theoretically optimal schemes under complete and incomplete information) and provide some insights for the correct tuning of its basic parameters. Our first results indicate that the proposed mechanism constitutes a good compromise between economic efficiency and implementability and should lead to some interesting and practical solutions for providing incentives for content availability in p2p systems