Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modeling change without breaking promises Alva Couch Hengky Susanto Marc Chiarini Tufts University.

Published byCamron Wilkinson Modified over 8 years ago

Similar presentations

Presentation on theme: "Modeling change without breaking promises Alva Couch Hengky Susanto Marc Chiarini Tufts University."— Presentation transcript:

1 Modeling change without breaking promises Alva Couch Hengky Susanto Marc Chiarini Tufts University

2 Promises A promise is a one-sided agreement from the sender to conform to some limits upon the sender’s behavior. Sender agrees to some behavior b (called a promise body) Receiver simply observes and is not obligated. sender s receiver r promise π= our notation

3 Conditional promises A conditional promise constrains the sender’s behavior only under certain conditions. In our calculus of conditions, only other promises can be conditions. The notation | means that s 2 promises b 2 to r 2 only if it observes that s 1 has promised b 1 to r 1. Subtle: the above is really one promise with a special body: )>

4 One problem with promises...... is that they aren’t valid “forever”. If conditions change, an agent must “break promises”. A broken promise occurs when an agent promises something contradictory to a prior promise it has made. Note that a promise may also be unfulfilled; this is different from breaking a promise.

5 Semantics of broken promises The “contradiction” that signals that a promise is broken can be complex. A promise body can be thought of as a set of prolog-style facts. A broken promise is one in which the facts are logically inconsistent with those of some prior promise.

6 Example of a broken promise fileservice(100ms) – I promise to give you file service with an average response time of 100ms. fileservice(70ms) – better, not a broken promise. fileservice(200ms) – worse, and breaks both other promises. Semantics of broken promises are complex and depend upon semantics of promise bodies!

7 How not to break promises Scope promises in time and by events. Avoid having to infer contradictions to invalidate promises. Really, this is part of the type system of promise bodies. But we can separate this scoping from the type system via a simple notation.

8 Operative and inoperative promises A promise is operative (at a particular time) if it holds at that time, and inoperative otherwise. 1.Unconditional promises are operative until they are broken. 2.Conditional promises are operative if their conditions are operative.

9 α and τ Two new promise bodies: –τ(increment) is operative from current time to current time + increment –α(promise) is operative until receipt of the specified promise. And one new operator: –﹁(p) is operative whenever p is not operative.

10 Implicit sender and receiver means b is operative for one second only. We can “factor” τ out of the promise body: | But only s,r make sense as sender and receiver of τ. Thus we can write: |τ(1 second) without confusion

11 Timing diagrams operative inoperative lookup()|τ(2 hours) received 2 hours τ(2 hours) lookup()|τ(2 hours) deleted operative inoperative ﹁τ(2 hours) lookup()|﹁τ(2 hours) received lookup()|﹁τ(2 hours) condition deleted

12 Leasing and gating τ is operative for a given amount of time. –So τ can be used to simulate leasing. α is operative until a given promise is received. –So α can be used to simulate gating, in which receipt of one promise activates or deactivates another.

13 Leasing | τ(2 hours) a DHCP lease grants use of an IP address for two hours. |﹁τ(1 hour), τ(3 hours) s offers r fileservice one hour from now, for two hours. (a list of conditions is a conjunction)

14 Gating | α( ) offer fileservice until told to stop offering it. |τ(0) stop offering file service any more. (τ(0) becomes operative and then non-operative at the same time step and “gates” the transition.) (stop() is an abstract promise whose meaning is just to gate another one)

15 Some facts about α and τ After a α or τ clause becomes inoperative, it will never become operative again, and any conditionals containing it can be permanently deleted. After a ﹁α or ﹁τ clause becomes operative, it will never become inoperative again, and it can be permanently omitted from any conditionals in which it appears. At any particular time, the operative promises can be computed from a conditional promise set that is free of α and τ clauses.

16 Type factoring Consider the promise system | τ(2 hours) | α( ) At any time, this system can be reduced to an equivalent one free of α and τ. The reduction differs, depending upon time and events.

17 Before 2 hours are up and not received Reduced system: | τ(2 hours) | α( )

18 After 2 hours are up and not received Reduced system: | τ(2 hours) | α( )

19 After 2 hours are up and after received Reduced system: | τ(2 hours) | α( )

20 Claims α and τ are the minimal necessary operators for accomplishing change in promise networks without breaking promises. They are: –self-erasing when purpose is complete –scalable to use in complex tasks –flexible; any sequence of promise states can be managed in the promise space of the recipient. –external to the type system of promise bodies.

21 What is system health? Old model of system health: ability to satisfy needs via passive acceptance. New model of system health: ability to satisfy needs via active citizenship.

22 Modeling change without breaking promises Alva Couch Hengky Susanto Marc Chiarini Tufts University

Download ppt "Modeling change without breaking promises Alva Couch Hengky Susanto Marc Chiarini Tufts University."

Similar presentations

Logic & Critical Reasoning

Logic & Critical Reasoning
UML State chart/machine diagram State machine diagram is a behavior diagram which shows discrete behavior of a part of designed system through finite state.

UML State chart/machine diagram State machine diagram is a behavior diagram which shows discrete behavior of a part of designed system through finite state.
Justification-based TMSs (JTMS) JTMS utilizes 3 types of nodes, where each node is associated with an assertion: 1.Premises. Their justifications (provided.

Justification-based TMSs (JTMS) JTMS utilizes 3 types of nodes, where each node is associated with an assertion: 1.Premises. Their justifications (provided.
Truth Maintenance Systems. Outline What is a TMS? Basic TMS model Justification-based TMS.

Truth Maintenance Systems. Outline What is a TMS? Basic TMS model Justification-based TMS.
Names and Bindings.

Names and Bindings.
Digital Logic Design Lecture 22. Announcements Homework 7 due today Homework 8 on course webpage, due 11/20. Recitation quiz on Monday on material from.

Digital Logic Design Lecture 22. Announcements Homework 7 due today Homework 8 on course webpage, due 11/20. Recitation quiz on Monday on material from.
© 2006 ITT Educational Services Inc. SE350 System Analysis for Software Engineers: Unit 9 Slide 1 Appendix 3 Object-Oriented Analysis and Design.

© 2006 ITT Educational Services Inc. SE350 System Analysis for Software Engineers: Unit 9 Slide 1 Appendix 3 Object-Oriented Analysis and Design.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Use-case Modeling.

Use-case Modeling.
Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.

Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.
Why Behavioral Wait statement Signal Timing Examples of Behavioral Descriptions –ROM.

Why Behavioral Wait statement Signal Timing Examples of Behavioral Descriptions –ROM.
Basic Input/Output Operations

Basic Input/Output Operations
4/10/20081 Lab 9 RT methodology introduction Register operations Data Path Control Path ASM Example TA: Jorge Crichigno.

4/10/20081 Lab 9 RT methodology introduction Register operations Data Path Control Path ASM Example TA: Jorge Crichigno.
EEC-681/781 Distributed Computing Systems Lecture 10 Wenbing Zhao Cleveland State University.

EEC-681/781 Distributed Computing Systems Lecture 10 Wenbing Zhao Cleveland State University.
Practical Object-Oriented Design with UML 2e Slide 1/1 ©The McGraw-Hill Companies, 2004 PRACTICAL OBJECT-ORIENTED DESIGN WITH UML 2e Chapter 10: Statecharts.

Practical Object-Oriented Design with UML 2e Slide 1/1 ©The McGraw-Hill Companies, 2004 PRACTICAL OBJECT-ORIENTED DESIGN WITH UML 2e Chapter 10: Statecharts.
CHAPTER 8 Documentary Letters of Credit

CHAPTER 8 Documentary Letters of Credit
Daniel Kroening and Ofer Strichman 1 Decision Procedures in First Order Logic Decision Procedures for Equality Logic.

Daniel Kroening and Ofer Strichman 1 Decision Procedures in First Order Logic Decision Procedures for Equality Logic.
UML Class Diagrams: Basic Concepts. Objects –The purpose of class modeling is to describe objects. –An object is a concept, abstraction or thing that.

UML Class Diagrams: Basic Concepts. Objects –The purpose of class modeling is to describe objects. –An object is a concept, abstraction or thing that.
Business Rules: The Promise of Data Warehousing. In the Beginning: Formulating Business Rules The Business Objectives The Promise (Data Warehousing) –

Business Rules: The Promise of Data Warehousing. In the Beginning: Formulating Business Rules The Business Objectives The Promise (Data Warehousing) –
UML Sequence Diagrams Michael L. Collard, Ph.D. Department of Computer Science Kent State University.

UML Sequence Diagrams Michael L. Collard, Ph.D. Department of Computer Science Kent State University.

Similar presentations

Ads by Google