Programming-logic analysis of fault tolerance: expected performance of self-stabilisation

  • Authors:

  • C. C. Morgan;A. K. McIver

  • Affiliations:

  • Dept. Comp. Sci. and Eng., University of NSW, Sydney, Australia;Dept. Computer Science, Macquarie University, Sydney, Australia

  • Venue:
  • Rigorous Development of Complex Fault-Tolerant Systems
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

Formal proofs of functional correctness and rigorous analyses of fault tolerance have, traditionally, been separate processes. In the former a programming logic (proof) or computational model (model checking) is used to establish that all the system’s behaviours satisfy some (specification) criteria. In the latter, techniques derived from engineering are used to determine quantitative properties such as probability of failure (given failure of some component) or expected performance (an average measure of execution time, for example). To combine the formality and the rigour requires a quantitative approach within which functional correctness can be embedded. Programming logics for probability are capable in principle of doing so, and in this article we illustrate the use of the probabilistic guarded-command language (pGCL) and its logic for that purpose. We take self-stabilisation as an example of fault tolerance, and present program-logical techniques for determining, on the one hand, that termination occurs with probability one and, on the other, the the expected time to termination is bounded above by some value. An interesting technical novelty required for this is the recognition of both “angelic” and “demonic” refinement, reflecting our simultaneous interest in both upper- and lower bounds.